IT Strategies for Your Business: Drive-by Download Attacks
The average person searching on Google will spend roughly 11 minutes each session. They will spend nearly 2 hours and 30 minutes on social media, with 50% of that time right from their phone.
The Internet has become so commonplace that it is very likely someone will click on a website or download something without first making sure it is safe.
Sometimes those websites lack the security needed to be browsed safely, or have been compromised outright; other times, a software vendor is counting on users to click through an installer without paying attention. Both can lead to drive-by downloads.
A drive-by download is a program that ends up installed on a computer without the user truly intending it, either with consent the user did not understand or with no consent at all. The term also covers unintentional downloads of any file, including software bundled into another installer.
In this blog, we will discuss the different types of drive-by download attacks, how they work, and how you can prevent them from harming your business.
Authorized Drive-by Download Attacks
Drive-by downloads are designed to breach a machine in order to hijack it, spy on the user's activity, destroy data, or disable the computer entirely.
An authorized attack is one where you click on and accept the download yourself, usually without understanding what you are agreeing to.
Cybercriminals use phishing techniques to bait unsuspecting employees into downloading malicious software. Popups, emails, or texts posing as high-profile organizations try to scare you into clicking a link or opening an attachment.
Software vendors often include extra freeware or bloatware alongside the program you actually wanted. This "bundleware" is a common tactic; if you are not careful to opt out of these offers, you or your team could end up installing adware or outright malware.
If any of these methods succeeds, the attacker has a foothold on the machine and can begin accessing sensitive data.
Unauthorized Drive-by Download Attacks
An unauthorized drive-by download works in multiple phases. First, an attacker compromises a website: they find a security flaw in the site itself and use it to plant malicious code on one of its pages (often inside an advertisement or a hidden frame). Next, an employee visits that page, and the planted code probes the visitor's browser and plug-ins for a second flaw it can exploit. Finally, the exploit downloads malware to the device and the attacker begins taking control. The visitor did not have to click anything; viewing the page was enough.
Attackers use exploit kits to do this at scale. A kit fingerprints the visiting computer, its browser, and its plug-ins to find a version with a known vulnerability, then serves the matching exploit. These kits use small pieces of code designed to slip past weak defenses, and many times they go unnoticed.
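The chain just described (legitimate page, redirect, exploit, payload) is also what you look for in web proxy logs after the fact. The script below is an added example written for this post, not code from the original article or from any product. It runs over a constructed sample log in a simplified format; every hostname, IP address, and file name in it is a placeholder, and the 30-second window is an assumption you would tune for your own traffic.

```python
"""Flag drive-by download chains in web proxy logs.

Heuristic: a client views an ordinary HTML page (the compromised landing
page), is bounced through at least one redirect, and within a short window
fetches an exploit- or payload-type file from a *different* domain than the
page it was reading. A normal download (browse a vendor site, click
Download) comes from the site being viewed and is not flagged.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Content types an exploit kit typically serves: the exploit itself (Java
# archive, Flash object) and the final payload (Windows executable).
PAYLOAD_TYPES = {
    "application/java-archive",
    "application/x-shockwave-flash",
    "application/x-msdownload",
}
# Generic binary responses count only when the path looks like a program.
PAYLOAD_EXTS = (".exe", ".dll", ".msi", ".scr", ".jar", ".swf")
WINDOW = timedelta(seconds=30)  # assumed: landing page and payload this close

# Constructed sample log, not real traffic; all hostnames are placeholders.
# Fields: timestamp, client IP, URL, HTTP status, response Content-Type.
SAMPLE_LOG = """\
2024-03-04T09:14:02 10.0.0.15 http://news-example.test/story.html 200 text/html
2024-03-04T09:14:03 10.0.0.15 http://news-example.test/style.css 200 text/css
2024-03-04T09:14:05 10.0.0.15 http://ads-cdn.test/show.php?id=77 302 text/html
2024-03-04T09:14:06 10.0.0.15 http://kit-landing.test/gate.php 200 text/html
2024-03-04T09:14:08 10.0.0.15 http://kit-landing.test/x.jar 200 application/java-archive
2024-03-04T09:14:11 10.0.0.15 http://kit-landing.test/load.exe 200 application/x-msdownload
2024-03-04T10:02:40 10.0.0.22 http://vendor-example.test/downloads.html 200 text/html
2024-03-04T10:02:55 10.0.0.22 http://vendor-example.test/setup.exe 200 application/x-msdownload
"""


@dataclass
class Request:
    time: datetime
    client: str
    url: str
    status: int
    ctype: str

    @property
    def domain(self) -> str:
        return urlsplit(self.url).hostname or ""

    def is_html_page(self) -> bool:
        return self.status == 200 and self.ctype == "text/html"

    def is_payload(self) -> bool:
        if self.ctype == "application/octet-stream":
            return urlsplit(self.url).path.lower().endswith(PAYLOAD_EXTS)
        return self.ctype in PAYLOAD_TYPES


def parse_log(text: str) -> list[Request]:
    """Parse the whitespace-separated sample format into Request objects."""
    requests = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, url, status, ctype = line.split()
        ctype = ctype.split(";")[0].strip().lower()  # drop charset parameters
        requests.append(Request(datetime.fromisoformat(ts), client, url, int(status), ctype))
    return requests


def find_driveby_chains(requests: list[Request]) -> list[dict]:
    """One alert per payload fetch matching landing -> redirect -> payload."""
    by_client = defaultdict(list)
    for r in requests:
        by_client[r.client].append(r)

    alerts = []
    for client, reqs in by_client.items():
        reqs.sort(key=lambda r: r.time)
        for i, payload in enumerate(reqs):
            if not payload.is_payload():
                continue
            # Everything this client did in the WINDOW before the payload fetch.
            recent = [r for r in reqs[:i] if payload.time - r.time <= WINDOW]
            landing = next((r for r in recent if r.is_html_page()), None)
            if landing is None or landing.domain == payload.domain:
                continue  # no landing page, or a normal same-site download
            redirects = [r for r in recent
                         if 300 <= r.status < 400 and r.time >= landing.time]
            if not redirects:
                continue  # user navigated there deliberately; weaker signal
            alerts.append({"client": client, "landing": landing.url,
                           "redirect": redirects[0].url, "payload": payload.url})
    return alerts


if __name__ == "__main__":
    for a in find_driveby_chains(parse_log(SAMPLE_LOG)):
        print(f"{a['client']}: {a['landing']} -> {a['redirect']} -> {a['payload']}")
```

On the sample data this flags the two fetches from kit-landing.test by 10.0.0.15 and leaves the vendor download by 10.0.0.22 alone. It is a triage heuristic, not proof: a legitimate download served from a separate CDN after a redirect will also trip it, and if the user sat on the news story longer than the window, the kit's own gate.php becomes the "landing page" and the chain is missed. Widen the window or add a domain-reputation check before relying on it for alerting.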
Unfortunately, security vulnerabilities are unavoidable. No software or hardware is perfect. What makes unauthorized drive-by attacks so dangerous is the possibility of a zero-day exploit.
A zero-day exploit targets a security flaw for which no fix or patch yet exists, often because the vendor does not even know about it. If your team is hit by one, you have to wait for the developer or manufacturer to release a fix.
That can take anywhere from a couple of hours to a few months, and attackers are hoping it takes as long as possible.
How to Prevent Drive-by Download Attacks
When it comes to authorized attacks, you and your team should be wary of any email that comes from an unfamiliar sender. If a message claims an account has been breached, do not use the link in the message; open a new tab and reach the site by typing its address or using a bookmark you already trust.
If your staff is downloading software, the best practice is to check the validity of the software first: download from the vendor's own site, and read reviews. Reviewers will usually note whether the application does what it claims and whether the installer includes bundleware you do not need.
Legitimate bundleware requires some confirmation from the user, but that confirmation is often a pre-checked box buried in the installer, so read each screen and uncheck any boxes or decline any free trials that are not needed.
Your IT team should configure firewalls, ad blockers, and spam filters. Ad blockers in particular help, because malicious advertisements are a common way of steering a browser to the pages that host these attacks.
Regarding unauthorized attacks, security flaws in software are usually patched quickly. If there is an update for your web browser, operating system, or an application, install it as soon as possible. These updates usually include security patches that close flaws before attackers can take advantage of them.
Zero-day exploits are hard to avoid, but most successful attacks use known issues that were simply never patched. Attackers will always start with the easiest open door.
As annoying as those alerts may be, updates are critical to keeping your business data secure. Your IT team can set policies that update computers at a time that is convenient for your business.
Fortunately, most drive-by attacks can be avoided by exercising caution. Avoid questionable links and downloads. If your browser shows a "not secure" label or a certificate warning when you try to open a site, it is best to stay away unless you really need it. The reverse is not a guarantee: a padlock only means the connection is encrypted, and a compromised but otherwise legitimate site will show one too.
When it comes to software, less is better. Your team should install only what is essential to their jobs. Every browser plug-in is another piece of software that must be kept patched, and the more of them you have, the more vulnerabilities there are for these attacks to exploit.
Your IT team should also have solid antivirus protection in place in case one of these attacks gets through. Good antivirus programs periodically scan for threats and update their definitions to catch new ones.