A drive by download attack occurs when a user visits a webpage or clicks on a seemingly legitimate link and initiates an automatic download of malicious content that can circumvent permission requests and security tools. This attack strategy can be extremely dangerous because users do not have to visit an obviously malicious website for it to occur, and sometimes hackers can infect a perfectly legitimate site with malware that is ready to be downloaded as soon as a vulnerable system interacts with the webpage. SMBs must be ready for this attack strategy because it does not come with obvious warning signs and often occurs without the user even noticing.
What is a Drive by Download Attack?
Drive by download attacks will attempt to leverage vulnerabilities in devices or applications that allow for permissions to be circumvented and malware to be installed on a device automatically. This means hackers will try to hide their attack in plain sight by exploiting a webpage with weak security to immediately download malicious content to a device or redirect an advertisement that a user clicks while on a website. Drive by download attacks can be especially dangerous for small and medium businesses because they will use zero-day vulnerabilities to surprise unsuspecting victims, and it can be difficult for businesses to defend against this threat without the right help.
Common Attack Strategies
After an infected website is visited or a malvertising link is clicked, a download will initiate which directly installs malware or the software necessary to launch an attack. The attackers will attempt to siphon data from the victim, such as personally identifiable information (PII) or login credentials. Malicious actors will try to infect a user’s computer with a wide variety of payloads, depending on that aim of their attack. Ransomware, trojans, and the tools necessary to launch man in the middle attacks are common attacks that result from drive by downloads, and without the proper cybersecurity solutions put in place, a business can become a victim without the attack even being noticed.
Defending Against Drive by Downloads
To defend against drive by downloads, small and medium businesses should enforce strong updating policies to ensure devices and applications that may have vulnerabilities leveraged in these attacks are less likely to be an attack vector. Applications that employees use should also be downloaded from consistent and reliable sources to ensure that employees aren’t navigating to unsafe sites to have the tools they need to do their job. Additionally, every business should have a reliable endpoint protection solution protecting the devices employees use so that malicious content can have a better chance of being stopped even after a successful drive by download attack.
Summary
Drive by download attacks are alarming because of their stealth and the damage they can cause without anyone in the company realizing how the attack got through. However, small and medium businesses do not need to face this threat unprepared. With the help of a reliable small business IT consultant like Robinett Consulting, businesses can implement the right cybersecurity tools and company policies to help prevent cyberattacks like drive by downloads. Your business can work with one of our cybersecurity specialists in a one-on-one complimentary consultation today to see if we can help your business better protect itself from drive by downloads and other threats!