Drive by download assaults are precisely defined as malicious software installations on your devices that happen without your knowledge. This also applies to the unintentional downloading of any files or software bundles onto a computer system.

What is Drive By Download? 

A drive-by download is a cyber-attack that unintentionally downloads malicious code onto a computer or mobile device that exposes the users to different threats and could be used to conduct one or more of the following things:

• Configure IoT devices like PCs and other tech.
• Analyzes all activity and traffic, both inbound and outbound.
• Destroys, alters, or renders your device inoperable.

The user doesn’t have to click on anything, press download, or open a malicious email attachment to become infected. These types of attacks can take advantage of an app, operating system, or web browser that contains security flaws due to a lack of updates or unsuccessful updates. 

How does Drive By Download Attack Work?

There are two main ways malicious drive by downloads get into the device:

1. Authorized Downloads Without Knowing Full Implications

Authorized attacks happen when a website or software seller offers a trustworthy program or application that is downloaded automatically when a user visits the website or uses the product. Typically, the user is alerted about the download and may be prompted to approve the installation.

Authorized drive-by downloads are designed to be efficient and can often be detected before an attack occurs. The process is as follows:

• Hacker creates a corrupt website, links, or Ads: The hacker creates a delivery mechanism for malware, such as through online messages, advertisements, or legitimate program downloads.
• User Interacts with delivery mechanism: The user interacts with the delivery mechanism by clicking on a misleading link, downloading software, or taking other actions.
• Malware installs on the device: The malware installs on the user’s device, either by failing to opt out of additional software or by accessing a site infected with malware.
• Hacker gains access to the device: Once installed, the malware can allow the hacker to gain unauthorized access to the user’s data.”

2. Unauthorized Downloads Without Any Notification 

Unauthorized downloads (without any notification): Attacks described as unauthorized drive-by downloads happen when hackers penetrate a website and insert harmful code into its HTML or JavaScript files. The user may not even be aware that something was downloaded onto their machine if the site has been compromised in their absence. An unauthorized drive by download operates in several stages, despite its apparent simplicity, the process is as follows:

• Hacker infects a legitimate website: The hacker first compromises a webpage by exploiting a security vulnerability and inserting a malicious component.
• You trigger the component: When you visit the webpage, the component detects any security weaknesses in your device.
• Component downloads the malware: The component then downloads malware onto your device using the exploited security vulnerabilities.
• Malware executes its task: The malware executes its task, allowing the hacker to gain control, and interfere with or steal information from your device.

Examples of Drive By Download Attacks

1. Attack Using a Java Zero-Day Vulnerability

In 2013, hackers infected several trustworthy websites with malware using a Java Zero-Day Vulnerability. Anyone who had a vulnerable version of Java installed on their machine who accessed these sites was instantaneously infected.

2. Malvertising Campaign

In 2016, a new malicious campaign targeted users of well-known news and entertainment websites. The attackers utilized malicious advertising to lure consumers to websites where malware was downloaded onto their devices. User data was intended to be stolen by the malware and sent back to the attackers.

3. Phishing Email Campaign

In 2015, a large U.S. bank’s clients were the subject of a phishing email campaign. The emails included a link to a fake login page that mimicked the bank’s legitimate login page identically. The attackers carried out a drive-by download attack to infect users’ devices with malware as soon as they input their login information.

4. Attack Using Typo-Squatting

In 2019, attackers registered a domain name that was identical to one letter of the name of a well-known gaming website. Anybody who unintentionally typed the incorrect letter in the website’s URL was forwarded to the bogus site, where malware was put onto their devices.
 

Types of Drive By Download Attack 

There are several types of drive-by-download attacks, including:

• Malicious Ads: Ads that contain malicious code can be displayed by attackers who have gained access to ad networks. When a victim visits a website where the ads are displayed, the ads may then spread the infection to the victim’s device.
• Exploit Kits: An intruder can use an exploit kit to take advantage of a victim’s device by gathering an inventory of software flaws, Attackers can send exploit tools via email or a website that links to a fake site.
• Watering hole threats: Attackers may gain access to an online resource that is commonly used by a particular target market, and site visitors who engage with it may unknowingly download malware to their devices.
• Cross-site scripting (XSS) assaults: When a website is compromised, malicious code is injected into it by attackers so that it can run when a target accesses it.
• Phishing attacks: Attacks referred to as “phishing” entail tricking victims into opening a file or clicking on a link that downloads software. This may occur via email, social media, or other communications services.

Types of Drive By Download Payloads

Attackers can use drive-by downloads to deploy a variety of vicious software to a user’s device. These can include:

• Banking Trojan: It affects users’ internet banking, drive-by attacks can send banking Trojans to the victim’s device, enabling the attacker to steal their banking credentials and conduct fraudulent transactions.
• Ransomware: Ransomware allows the attacker to encrypt your data and block your system until a sum of money is paid, Drive-by attacks can infect a victim’s device with ransomware, making their files unavailable until they pay the ransom.
• Adware: Software that exposes users to intrusive adverts. Adware, such as pop-ups, banners, and other sorts of annoying adverts, can be installed on a victim’s device through drive-by attacks.
• Keyloggers: Track keystrokes to gain access to passwords or other sensitive data. Keyloggers can be delivered to a targeted computer during drive-by attacks, allowing the attacker to steal their data.
• Browser hijackers: Drive-by attacks have the potential to infect a victim’s device with browser hijackers, causing their browser to display unwanted search results or redirect the user to unwanted websites. 

How to Avoid Drive-by Download Attacks?

The following are some measures to protect yourself from the risks associated with drive-by download attacks: –

• Update your operating system and software with the most recent security fixes, this will guarantee that any vulnerabilities are patched.
• Install and use only legitimate Antivirus software.
• Make use of a safe browser, such as Microsoft Edge, Mozilla Firefox, or Google Chrome. The built-in security features of these browsers frequently guard against fraudulent websites and downloads.
• Install pop-up blockers in your browser and turn off automated downloads to increase security. Always download files from trusted and legitimate sites only.
• Employ a content filter to help find and block potentially hazardous websites, such as Web of Trust or McAfee Site Advisor.
• Back up your crucial data and files frequently to a safe location or cloud service. The backup of a successful assault will assist in protecting against data loss.

How Website Owners Can Prevent Drive by Downloads?

As a website owner, you’re considered to be the primary security line between a hacker and your website audience, to ensure the best security of your user’s peace of mind, you have to build up your infrastructure with these tips:

• Keep all website elements up to date: This may include any extensions, addons, plugins, or any other infrastructure. 
• Remove any outdated or unsupported components of your website: Without regular security patches, old software is perfect for frauds to study and exploit.
• Use strong passwords and usernames for your admin accounts: Use password generators with a password manager to stay safe.
• Monitor advertisements on the website: Advertisements are a popular vector for drive-by download attackers, make sure that your users aren’t getting suspected advertisements.
• Enforce web application firewalls (WAFs): By observing and filtering website traffic, WAFs can assist in defending your website against assaults. They can also assist in identifying and obstructing malicious communications.
• Make sure your website is using HTTPS rather than HTTP by employing a secure protocol: Data exchanged between your website and users’ web browsers are encrypted with HTTPS, making it more challenging for hackers to intercept and insert malicious code.
• Restrict the usage of third-party content: Use caution when integrating widgets or adverts from third parties onto your website. Drive-by downloads are often made from this kind of content.

Tips for Endpoint Users

 End Users can follow these pro tips to protect themselves and their software against a drive-by download attack: –

• Use ad-blocker software: Drive-by download attacks often use online ads to upload malicious files into your system, using an ad blocker can help reduce your exposure to this type of attack.
• Only use a non-admin account while netsurfing: Admin privileges are more vulnerable for drive-by downloads to install without your consent, use a secondary non-admin account for daily use.
• Examine security popups on the web before clicking: Attackers use deceptive popup ads on desktop and mobile browsers that look like legitimate alerts.
• Only visit mainstream sites: Normally use well-established sites to improve your chances of staying safe from Scammers because many sites which allow file-sharing or mature content are common points of infection.
• Keep your system and software updated: Again, it is necessary to be updated because it will fix exposed vulnerabilities and safeguard your netsurfing experience.