Most people don’t think twice about the websites they visit, they click quickly on them, and they don’t pay much attention to whether a link will redirect them or whether a secure protocol is being used.
This is often not a problem, but if you visit a site that has been compromised, your system can quickly become infected by the cybersecurity threat known as Drive-by Download.
What Are The Drive-By Download Attacks
The drive-by download attacks refer to the automatic downloading of software onto a user’s device, without the user’s knowledge or consent. This can happen while the user is browsing a legitimate website or even through a malicious ad displayed on a secure site.
Unauthorized downloads are unintentional and generally malicious downloads and divide into two categories:
a) No user’s knowledge: This is the type of attack that most people think of when they hear the term automatic download because victims can get infected without even stopping to click. It’s like getting hit even though they’re just driving around the web page.
b) Without the full understanding of the user: Unauthorized downloads also reach computers and devices misleading users. One technique is for attackers to disguise a file as something it is not. A user can accidentally install malware or a rogue program under the assumption that they are downloading legitimate software, such as when hackers trigger virus notifications that appear to be coming from legitimate antivirus to scare you and prompt you to take deceptive measures to remove it.
How Do Drive-By Download Attacks Work?
Most types of drive-by downloads take advantage of vulnerabilities in web browsers, operating systems, Java, or file viewers and editors such as Microsoft Office and Adobe Flash.
In a typical attack scenario, the threat actor’s goal is to compromise the victim’s machine and enlist it in a botnet. Through this initial security breach, the attacker can take advantage of the user’s device control for lateral movement.
This happens through 6 steps: Injection, Vulnerability Exploitation, Download, Execution, Remote Control, and Lateral Movement.
Examples of Drive-By Download Attacks
Automatic downloads can be used in a wide range of circumstances, often leading to devastation for victims. Below is a collection of recent campaigns that involved automated downloads at some stage in their attack strategies:
- Lurk: This cybercrime group is still the best known for this type of attack. Their biggest known criminal act was to inject malicious iFrame into popular Russian websites to generate $45 million.
- Patchwork: Patchwork: Also known as Dropping Elephant and Chinastrats, Patchwork is a cyberespionage group that primarily focuses on Asian targets, although it has also been involved in the US and Australia. They made a fake Yokou Tudou platform (like a Chinese version of YouTube) and forced downloads of an alleged Adobe Flash update that turned out to be malware.
- ShadowGate: Also South Korean; they mainly made use of the GreenFlash Sundown exploit kit to spread. Their goal was to spread through Revive Adserver and got into notable sites like onlinevideoconverter.com, a YouTube video converter.
Protect Your Business From Drive-By Download Attacks
While automated downloads may seem scary, the good news is that you can dramatically reduce the risks you face with a few simple steps.
- Keep everything up to date: In most cases where unauthorized downloads infected targets without user action, they do so by exploiting security vulnerabilities in older versions of software such as Internet Explorer and Flash. These threats are easy to mitigate, but not enough people are taking the necessary action.
- Limit your attack surface: The more programs and add-ons you have, the more you have to manage, increasing the chances of problems occurring.
- Avoid suspicious websites, pop-ups, and advertisements: While unauthorized downloads are occasionally found from reputable websites, they are much more common in the depths of the Internet. This is especially true for sites that host illegal content, but it also occurs on smaller websites that do not have the knowledge or resources to actively address their security concerns.
- Don’t forget your other devices: Unauthorized downloads are a threat to more than just your PC. They can also affect your smartphone and other devices. For example, do not jailbreak or root the device unless you are fully aware of what you are doing and are aware of the danger.
What should you do if your website distributes malware through unauthorized downloads?
If you discover that your website is distributing unauthorized downloads, you must act immediately. They can cause severe damage to the assets and reputation of your business.
So, you got two options: to have competitive IT staff in your company to take care of it…
Or contact the one-time solution from our MyITGuy experts.
We’re active 24/7 to read or listen to your concerns… And to solve it shortly after!
You can take a look at our IT cybersecurity services here.