Drive-By Downloads Explained

by Adam
September 29, 2022

A drive-by attack is what it sounds like: the installation of malware onto a device without the user opening any links or downloading any files. Without clicking, downloading, or even opening anything, an attack can take advantage of a device with security flaws caused by failed or omitted updates. Such attacks can be both intentional and unintentional. Here we look at what a drive-by attack is, how it is carried out, and how you can stay safe from it.

A drive-by download attack is what it sounds like

In a drive-by download, malicious programs are installed on a device without the user's consent. The malicious code can take over the device, monitor its activity, and corrupt data or render the device inoperable. Downloads can be both intentional and unintentional, and the payload can be any of a variety of malware.

Authorised drive-by download attacks

In an authorised drive-by download, the user performs an action that results in an infection. Delivery methods include online messages, ads, and legitimate downloads; interacting with the link installs the malicious code and grants access to the attacker. Social engineering is used to entice the user into performing the malicious action, so the user downloads the malicious code themselves.

Unauthorised drive-by download attacks  

In an unauthorised drive-by download, a user visits a website and becomes infected, even if the website is legitimate. The user initiates the action simply by visiting a compromised webpage. In this case, hackers have compromised frequently visited websites and embedded malicious scripts in legitimate web pages. When a user visits the page, the infection occurs without the user's knowledge or consent: the browser downloads malicious code that scans the computer for security flaws and then downloads malware.
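
A site owner can watch for the script injection described above by auditing each page's embedded resources against a list of expected hosts. The sketch below is an added example, not code from the original article; the host names, the allow-list and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class EmbedAuditor(HTMLParser):
    """Flags <script>/<iframe> tags loaded from unlisted hosts, and hidden iframes.
    The page's own host is always treated as expected."""

    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.allowed = set(allowed_hosts) | {urlparse(page_url).hostname}
        self.findings = []  # (tag, host, [reasons])

    @staticmethod
    def _is_hidden(attrs):
        style = attrs.get("style", "").replace(" ", "").lower()
        tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
        return tiny or "display:none" in style or "visibility:hidden" in style

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        if not a.get("src"):
            return  # inline scripts need a different check (e.g. hash comparison)
        # Resolve relative and scheme-relative URLs against the page URL.
        host = urlparse(urljoin(self.page_url, a["src"])).hostname or ""
        reasons = []
        if host not in self.allowed:
            reasons.append("unlisted host")
        if tag == "iframe" and self._is_hidden(a):
            reasons.append("hidden iframe")
        if reasons:
            self.findings.append((tag, host, reasons))

def audit_page(page_url, html, allowed_hosts):
    auditor = EmbedAuditor(page_url, allowed_hosts)
    auditor.feed(html)
    return auditor.findings

# Constructed sample: two expected embeds followed by three suspicious ones.
SAMPLE_HTML = """<script src="/js/app.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<script src="//stats.injected.example/c.js"></script>
<iframe src="https://landing.injected.example/x" width="0" height="0"></iframe>
<iframe src="https://www.example.org/map" style="display: none"></iframe>"""

if __name__ == "__main__":
    for finding in audit_page("https://www.example.org/news/", SAMPLE_HTML, {"cdn.example.org"}):
        print(finding)
```

Run against a saved copy of each published page, any finding that does not correspond to a deliberate change is a reason to inspect the page source and the server for tampering.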

Security gaps as a reason for a drive-by download attack success

The digital environment makes us constantly vulnerable to cyber criminals. Every application has a security flaw, and there is always the risk of downloading malicious code before the software is updated. The following software is compromised most frequently:

  • Browsers
  • Plug-ins
  • Adobe
  • WinZip
  • Security applications are also vulnerable to such attacks.

Drive-by download attacks compromise your privacy and deliver adware. They compromise your safety and allow spyware to steal your credentials. Cyber criminals may also pass such information on to third parties. A user can receive malicious code from the following sources:

  • The Internet
  • The content of emails and attachments
  • The pop-up advertisement

A drive-by download attack prevention

As a user, an employee serves as the organisation’s first line of defence against cyber security threats. So here is what we suggest doing:

  • Keep your software continuously updated
  • Remove outdated software and plug-ins
  • Install web security protection: firewall, anti-virus, ad-blocker, and anti-spy programs
  • Enable website security to monitor for possible malicious attacks
  • Disable file sharing over public networks
  • Restrict access to unauthorised users 
  • Encrypt your data
  • Improve your password and username security
  • Be aware of attachments and links. Scan them before interacting with them. 

Cyber security is a very serious business and one that has continued to grow in importance over the past few years. To ensure that you are protected against the most recent cyber security threats, you need to know if you are vulnerable. MonkPhish allows you to safely perform simulated cyber attacks on your network in order to determine its vulnerabilities.

It is a comprehensive tool that will make the internal cyber security environment easier to manage. We hope that you learned something from this blog and that you will continue to follow us in the future! If you want to learn more about MonkPhish, please contact Adam.
