Drive-By Download Attack

What Is a Drive-By Download Attack?

A drive-by download attack is a cyber threat technique that allows threat actors to install malicious programs onto devices without any user-initiated download. Unlike many other cyberattacks that rely on human error for network access, drive-by download attacks exploit security vulnerabilities within an operating system so that a user's device becomes infected simply by visiting a compromised website. Because these attacks infiltrate a network covertly, they let threat actors eavesdrop on user interactions, steal sensitive information, and infect systems with malware or ransomware.

Types of Drive-by Download Attacks

Drive-by download attacks infiltrate devices in the following ways.

Unauthorized Downloads

Although drive-by downloads often operate through websites that provide mature or illegal content, or via file-sharing platforms, reputable websites can also be compromised with hidden malicious code. Because infected sites appear legitimate and little interaction is needed to infect a device, users often do not suspect a drive-by download attack.

In an unauthorized download, threat actors take advantage of a website's security flaws, altering its code and exploiting zero-day vulnerabilities. They then inject malicious code into the compromised website so that visitors expose their devices to malware without downloading anything themselves.

Authorized Downloads

Authorized downloads also occur through compromised websites, but they are triggered by users interacting with malicious prompts, such as package warnings, pop-up advertisements, security check messages, and even the "X" icon a user might click to close these prompts. Once users click on the malware delivery vector, they unknowingly launch a download on their device and give threat actors access to their systems.

The most common way of enabling drive-by attacks is through bundleware, additional applications bundled with the software users intend to download. These programs can camouflage malicious applications and are often arranged so that users have few options other than granting access to the malware.

High-Profile Drive-by Download Attacks

Mac Flashback: In March 2012, approximately 600,000 Apple MacBooks were infected with malware. Threat actors infiltrated devices by releasing a WordPress plug-in that discreetly exposed any WordPress-powered website or software to viruses. When visitors interacted with infected pages, they were rerouted to malicious sites controlled by threat actors. The malware's payload took over all advertising on the page, replacing it with ads that generated revenue for the threat actors.

NBC.com Drive-By Downloads: Threat actors infiltrated the NBC website in February 2013, exploiting HTML elements called iframes. Through these elements, drive-by downloads delivered the Citadel Trojan, which stole personal and financial information.

How to Prevent a Drive-by Download Attack

IT security teams can take the following steps to prevent drive-by downloads from impacting sensitive company assets: 

Educate Employees on Cybersecurity Best Practices

Implementing robust security awareness training is an effective defense against cyberattacks. Employees who know how to identify and respond to threats such as drive-by downloads reduce the chance of infiltration.

Keep Software and Applications Updated

Exploiting outdated operating systems is the most common infiltration method for drive-by download attacks. Organizations can patch vulnerabilities that malicious actors often target by regularly updating software and ensuring that employees use the latest versions of their browsers.
Implement Endpoint Security

Endpoint security protects each individual device from infiltration by detecting and preventing unauthorized access. By securing every possible network entry point, endpoint security keeps sensitive information from being compromised by cyberattacks.

Apply the Principle of Least Privilege

Limiting users' administrative access to critical assets and resources minimizes the harm a drive-by download can cause if malicious actors gain access to a system. Organizations safeguard their data more efficiently by granting only the minimum access required to complete a task.

As a human-centric, subscription-based 24x7x365 Managed XDR service, CylanceGUARD® provides the expertise and support businesses need to prevent and protect against ransomware attacks. CylanceGUARD combines the comprehensive expertise embodied by BlackBerry Cybersecurity Services with AI-based Endpoint Protection (EPP) through CylanceENDPOINT. In short, CylanceGUARD provides businesses with the people and technology needed to protect the enterprise from the modern threat landscape.