Drive-by download attacks and How to prevent them.

Did you know that you can be open to cyberattacks or even compromised just by visiting some websites? It happens through an attack called the Drive-by download attack. Now please allow me to enlighten you.

A drive-by download attack is the involuntary download of malicious code, a file, or software that can leave you open to cyberattacks or even compromised. The key thing to note here is that it happens without your consent. The malicious code is packaged into an innocent-looking application or piece of software. Cybercriminals use this attack to steal personal information (PII), plant trojans in your banking software, spy on you, install malware, and even turn your device into a bot. This attack can occur in numerous ways.

How do Drive-by downloads work?

Simply accessing a website is enough for this attack to happen. You don’t even have to click on anything to prompt the download of the malicious code. Cyber actors exploit vulnerabilities in websites and browsers to inject malicious code, so just visiting a compromised website starts a download onto your device.

Ads: We see ads almost everywhere on the internet. A pop-up ad is an example. Some of these ads are very intrusive. In some instances, clicking the close or cancel button on an ad can start a download. Notice the reverse psychology here: these cyber actors know most people will click the cancel button!

Email attachments: Just clicking on email attachments or links that might seem safe at first glance may trigger a malicious download.

Applications: Drive-by downloads probe for vulnerabilities in our applications, operating systems, and browsers in order to steal data, spy, steal session cookies, and even install ransomware. If these applications are outdated, it only makes the situation worse.

Patchwork, a cyberespionage group, created a fake version of Youku Tudou, a social video website in China. The fake website tricked users into installing an Adobe Flash update that later proved to be a drive-by download. In this campaign, the users thought they were simply downloading Adobe software, not knowing they were unintentionally installing something that would cause them huge harm.

Preventing Drive-by download attacks:

1. Always update your software to the latest version. Cybercriminals exploit flaws found in outdated software. When a vulnerability that allows cyber actors to do what they normally aren’t supposed to is first discovered, it’s called a zero-day exploit. Regularly updating your software prevents this.

2. Avoid suspicious and disreputable websites. Drive-by downloads are commonly found on websites that show sexually explicit content and websites that support file sharing, but they can also be found on reputable websites. We should always crosscheck URLs for possible phishing attempts.

3. Watch out for email links and attachments. Email is a popular threat in today’s world. Never click on links from unknown sources. Always confirm before opening attachments that claim to be from your colleagues in your organization.

4. Be wary of Ads.

5. Only download applications from reputable sources.
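One way to automate the URL crosscheck from item 2, shown as an added example that is not part of the original article. The allowlist, the sample links and the function names are constructed for illustration, and the code assumes the last two labels of a hostname are its registered domain.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites the user actually means to visit.
TRUSTED = {"youku.com", "adobe.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return reasons a link deserves a second look; an empty list means it matches the allowlist."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # urlsplit already lowercases the host
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        reasons.append("text before '@' is not the host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label")
    # Trusted only if the host IS an allowlisted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return reasons
    # Assumption: the last two labels are the registered domain (no public-suffix list).
    registered = ".".join(host.split(".")[-2:])
    for d in sorted(TRUSTED):
        if f".{d}." in f".{host}":
            reasons.append(f"{d} used as a subdomain of {registered}")
            break
        if edit_distance(registered, d) <= 2:
            reasons.append(f"{registered} is a lookalike of {d}")
            break
    else:
        reasons.append(f"{registered} is not on the allowlist")
    return reasons

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ("https://www.youku.com/v/1", "https://yuoku.com/flash-update",
                 "https://youku.com.player-update.example/", "https://youku.com@cdn.example/x"):
        print(link, "->", check_url(link) or "ok")
```

The check reads the hostname from right to left, which is why a trusted name placed at the front of a longer hostname or before an `@` does not pass.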
