(also drive-by download attack)
Drive-by attack definition
A drive-by attack is a cyberattack that secretly downloads and installs malicious files onto a user’s computer or mobile device without any interaction needed from the user beyond loading the website.
Users unknowingly trigger these attacks by accessing malicious websites or opening email attachments that contain harmful code. The attacks succeed by exploiting vulnerabilities in the web browser, its plugins, or the operating system that the user is running.
After infiltrating the device, the malicious files secretly extract personal information, tamper with files, or seize control of the compromised machine.
Drive-by attacks have become a prevalent avenue for cybercriminals to disseminate malware onto computers and mobile devices. They are attractive to attackers because they can be executed with little effort and without any active involvement or cooperation from the targeted users.
Drive-by attack examples
- The “Blackhole” Exploit Kit (2010-2013). One of the most notorious and widely used exploit kits. It was typically used for drive-by download attacks, exploiting vulnerabilities in browsers and popular software to install various forms of malware.
- The “Nuclear” Exploit Kit (2014-2016). A popular exploit kit that delivered a variety of malware through drive-by downloads. The kit was sold on the dark web, and it was used to exploit vulnerabilities in popular software such as Adobe Flash, Oracle Java, and Microsoft Silverlight.
- The EKANS Ransomware Attack (2020). A type of ransomware designed to target industrial control systems (ICS). Prominent organizations like Honda and Enel fell victim to EKANS attacks, which involved encrypting files on the victims’ computers and demanding a ransom payment for decryption.
Stopping drive-by attacks
- Regularly update your operating system and software to remain current and secure.
- Implement a firewall and reliable antivirus software for added protection.
- Exercise caution when browsing websites and opening email attachments.
- Employ a virtual private network (VPN) to secure your connection when accessing public Wi-Fi networks.