What is a Drive-By Attack?
What is a drive-by attack? How can drive-by attacks be detected and prevented?
What is a drive-by attack?
A drive-by attack, also known as a drive-by download attack, refers to a cyberattack in which a malicious script causes a program to download and install itself on a user device, without explicit permission from the user. It can happen on any user device, running any operating system. Often, these attacks occur when the user navigates to and browses a compromised web page.
Drive-by attacks often use exploit kits to launch the automatic download. Exploit kits are malicious pieces of software, created by hackers to identify vulnerabilities in a device, web browser, or web-based app. These weaknesses are then used to launch the automatic download process and carry out the attack. Drive-by attacks are designed to infect devices, steal information, and/or cause damage to data.
Drive-by attack methods
Drive-by attacks are named as such because the download occurs silently, as the user passes by, leaving users mystified as to how their devices were infected. There are two main methods through which drive-by downloads can infect a user device:
Without any authorization
In these cases, there is no direct user action that causes the download to begin. In other words, the attack is launched when the user visits a compromised webpage, without the need for any interaction with the page, not even a single click.
To create such an attack, the hacker injects malicious code into the web page by exploiting flaws in the website’s security. When the user first visits the page, the code identifies any security vulnerabilities in either the user’s web browser or the user’s device, and triggers the malware download through these vulnerabilities.
With authorization under false pretences
Sometimes, there is a user action involved in a drive-by download, but it is obtained under false pretences. There are a few different ways this can be done, for example:
A pop-up advert could have an ‘X’ in the corner that disguises itself as a close button, but actually acts as a catalyst for starting a malicious download once pressed.
A link could appear legitimate, but clicking on it could cause the download to begin.
An email attachment which looks safe could actually be malicious, as part of a social engineering or phishing scheme, and clicking on it will launch the download.
All three examples involve a simple click or button press. These actions allow the attacker to claim that the user authorized the download, when in reality the user did not realize the implications of their actions, as the true intentions of the attacker were hidden. In this way, the hacker can get away with the download without being detected.
How can drive-by attacks be detected and prevented?
To prevent and detect drive-by attacks, a number of different steps can be taken:
Avoid suspicious websites
Of course, care should always be taken not to visit suspicious websites in the first place. Try to stick to browsing well-known sites with valid security certificates.
Many browsers will show security warnings when something isn’t right with a web page. If a browser blocks access to a web page because it seems suspicious, or something is wrong with its security certificate, don’t proceed without a really good reason.
When in doubt, don’t click
To avoid falling victim to a drive-by attack, it’s important to verify that all links are legitimate before clicking on them. Pay particular attention to advertisements, and anything that promises some kind of reward, or encourages you to input valuable data. Look out for the common signs of suspicious content, such as low quality images, or spelling mistakes.
It’s also possible to install an ad-blocker as a browser extension, which prevents advertisements from appearing altogether. This can avoid potential misclicks that could lead to a drive-by download attack. Just make sure that the ad-blocker is from a trustworthy source too.
Only download software from legitimate sources
When you’re downloading software, make sure the site you’re downloading from is known, secure, and reputable. In addition, whenever installing software, make sure not to install any of the optional extra software (‘bundleware’) that comes with it, in case it contains malicious code.
A related recommendation is to delete any software on your device that you don’t use, and anything that is no longer supported by the software vendor.
Use a comprehensive security strategy
It’s always important to have robust antivirus and firewall software solutions in place to detect threats such as malware. These traditional security solutions provide an important layer of protection between the user and the Internet. However, they do leave some gaps, as they can only detect known threats using a signature-based approach.
It’s crucial that a multilayered approach to security is taken, by adding advanced security solutions that work with a prevention-based approach, to prevent even the latest, unknown, zero-day threats. For example, using remote browser isolation allows all web code to be run in a virtual container, so no malicious code runs on the endpoint computer at all, preventing drive-by download attacks from being successful. For the user, the browsing experience remains the same, with a virtual, interactive content stream.
Keep your software up-to-date, including your operating system
To ensure the highest levels of protection against malware and other web-based threats, keep all of your software up-to-date, including the automatic updates that are run by your operating system. Often, when security vulnerabilities are discovered, the software vendor will come up with a patch or fix to address the issue. If the user hasn’t updated their software regularly, the software will be more vulnerable to exploits and drive-by download attacks, due to the unresolved vulnerabilities that are present. This is especially important for web browsers, and other software that has access to the Internet. It goes without saying that security software should also be kept up-to-date, for the detection of recently discovered threats.
A special note for website owners
As mentioned above, hackers use website security flaws to inject malicious code (as part of an exploit kit) and launch a drive-by download attack. Website owners should take the following precautions, to ensure their website is secure and doesn’t present a security risk to site visitors:
Make sure the advertisements being displayed on the site are safe for visitors to click on.
Use strong admin passwords that aren’t easy for hackers to guess.
Use web security software, and keep it up-to-date.
Ensure all web applications used by the website are up-to-date, and still supported.
For more information about Drive-By Attacks, see these blog posts:
We worked with Ericom to implement a web security solution that provides the highest level of protection against web-based cyberthreats. This gives our employees the broad secure web access they need to remain productive while ensuring our organization remains secure.
Paul E. Rousseau, SVP IT Architecture and Engineering Director at Enterprise Bank