What is a drive-by download attack?

A drive-by download attack refers to the malicious installation of programs on your devices without your consent or knowledge. These attacks can occur even on legitimate websites, making them difficult to detect. 

How do drive-by download attacks work?

Drive-by download attacks can infiltrate your devices in two main ways: authorized downloads with hidden payloads and unauthorized downloads without your knowledge. 

• Authorized downloads: Hackers create vectors for malware delivery through deceptive links and downloads. Users interact with these vectors, unknowingly installing malware on their devices. For example, you may receive a link that appears to be from a trusted source, but it leads to a website that installs malware on your computer or mobile device.
• Unauthorized downloads: These attacks occur when hackers compromise web pages and exploit security flaws to download malware onto your device without your prompt or action. Exploit kits are commonly used to identify web server and device vulnerabilities, allowing hackers to exploit these security gaps and distribute malware. 

Read more: How to identify and prevent malware in healthcare 

Preventive measures for website owners

As a website owner, you must strengthen your infrastructure to protect users from drive-by download attacks. Here are some preventive measures you can take:

• Keep all website components up to date: Regularly update themes, add-ons, plugins, and other infrastructure to ensure you have the latest security fixes.
• Remove outdated or unsupported components: Attackers can exploit old software without regular security patches. Remove any components that are no longer actively maintained or supported.
• Use strong passwords and usernames for admin accounts: Weak passwords and default usernames are easy targets for brute force attacks. Use complex passwords and unique usernames to secure your admin accounts.
• Install protective web security software: Consider using monitoring software to detect and prevent any malicious changes to your website's backend code.
• Review advertisement practices: Advertisements can be a vector for drive-by downloads. Ensure that the advertisements displayed on your website are from trusted sources and not potentially compromised.

Read also: What is a brute force attack?

Tips for endpoint users

As an endpoint user, protecting your devices from drive-by download attacks is necessary. Here are some tips to help you stay safe:

• Use a non-admin account for daily use: Create a secondary account without admin privileges for your everyday activities. Only use your computer's admin account for program installations to prevent unauthorized drive-by downloads.
• Keep your web browser and operating system up to date: Install updates promptly to patch security vulnerabilities that could be exploited by drive-by download code.
• Limit unnecessary programs and apps: Minimize the number of plugins and software installed on your device, as they can increase your susceptibility to infections. 
• Use Internet security software: Install a reliable Internet security software solution on all your devices. These programs keep your malware definitions current and proactively scan websites for known compromised sites.
• Be cautious of visiting suspicious websites: Avoid websites that may contain malicious code. Stick to mainstream and well-established sites to reduce the risk of drive-by downloads.
• Examine security popups before clicking: Be wary of deceptive ads that mimic legitimate alerts. Look out for typos, odd grammar, and blurry images, which could indicate a scam attempting to lead you to an attack site.
• Use an ad-blocker: Drive-by download attacks often use online ads to distribute malware. Using an ad-blocker can help reduce your exposure to this type of attack.

See also: HIPAA Compliant Email: The Definitive Guide