If you thought drive-by downloads were a thing of the past, you may be surprised by the increasing number of these attacks in 2020.
Drive-by downloads have become a prominent threat primarily due to the current increase in pre-packaged kits that let hackers launch more sophisticated attacks with little technical skill.
In fact, anyone today can easily lay their hands on an exploit-kit-as-a-service offering in the underground software market and launch an attack.
What Are Drive-By Download Attacks?
A drive-by download attack is basically an unintentional download of harmful or malicious code to your device that makes your computer or mobile device vulnerable to a cyber attack. Your system will be infected even without opening a malicious email attachment or clicking any link.
And of course, all of this happens because a file was downloaded without your knowledge and consent. There are 2 main variants of a drive-by download attack:
- Malware-loaded (also known as bundleware) attacks
- Potentially Unwanted Programs (PUPs)
The drive-by download attack takes advantage of an app you downloaded, your web browser, or operating system to launch an attack. The drive-by download doesn’t depend on the action you take to initiate the attack but simply uses security flaws or lack of security updates on your system or the apps you have previously installed.
Drive-by downloads will breach your device’s security in many ways including:
- Hijacking your devices
- Spying on your online activities
- Disabling your data and locking you out of the system
- Installing ransomware
- Enabling Adware
If you don’t have the right security programs, or fail to patch your vulnerabilities, you could easily become the next victim of a drive-by download attack.
How Do Drive-by Downloads Enter Your Device?
There are two main ways that drive-by downloads enter your computer or mobile devices. You could easily authorize an app without knowing the full implications of the program.
For example, you could unknowingly open the door to drive-by downloads by clicking on a deceptive fake security alert or by downloading a seemingly harmless application packed with a Trojan.
Drive-by downloads can also enter your system without any authorization or notification at all. For example, you could visit a legitimate website and get compromised instantly without taking any other action or following a deceptive prompt.
Most Prominent Drive-by Downloads
Drive-by downloads can be used in a diverse range of circumstances, often leading to devastation for the victims. Below is a collection of recent campaigns that involved drive-by downloads in some stage of their attack strategies:
Lurk
Lurk was one of the first groups of cybercriminals utilizing drive-by downloads to amass a fortune of $45 million in stolen funds. But in 2015, Russian authorities, along with security researchers, compiled all the information that led to the arrest of 50 members of this group, eventually leading to a complete shutdown.
The main targets of the attack were Russian websites, into which the group would inject malicious iframe code to redirect visitors to malicious websites. The main purpose was to target banking and financial apps, allowing the group to steal users’ funds online.
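Site owners can check their own pages for the kind of injected iframe described above. The following is an added example, not part of the original article: it flags iframes that are both off-site and invisible to the visitor. The sample page, hostnames and allowlist are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: a legitimate video embed, an injected off-site
# hidden iframe, and a hidden same-site widget (all hostnames are made up).
SAMPLE_HTML = """
<html><body>
<h1>News</h1>
<iframe src="https://video.example.com/embed/42" width="640" height="360"></iframe>
<iframe src="http://cdn-stats.invalid/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="/local/widget.html" style="display:none"></iframe>
</body></html>
"""

HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])", re.I)

def _tiny(value):
    """True for a width/height of 0-2 pixels, e.g. '1' or '1px'."""
    m = re.fullmatch(r"\s*(\d+)(px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 2

class IframeAuditor(HTMLParser):
    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []  # (src, line number, reasons)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny dimensions")
        if "hidden" in a or HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        # Report only frames that are both off-site and invisible to the visitor.
        if host and host not in self.trusted and reasons:
            self.findings.append((a["src"], self.getpos()[0], reasons))

def audit(html, site_host, allowed_hosts=()):
    """Return suspicious iframes found in one page of your own site."""
    parser = IframeAuditor(site_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Calling `audit(SAMPLE_HTML, "news.example.com", ["video.example.com"])` reports only the hidden off-site frame; the visible embed and the same-site widget are left alone.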
Patchwork
Also known as Dropping Elephant and Chinastrats, Patchwork is another cybercriminal group relying on drive-by downloads to attack Asian countries.
As per a statement issued on the Trend Micro website, the cybercriminals behind this group aim for “mission-critical or confidential data”, instead of making financial gains.
One of the incidents involved the gang setting up a fake version of Youku Tudou, also dubbed YouTube’s Chinese version. The website would then make visitors download an “Adobe Flash” update, which was used to trigger massive attacks.
This type of drive-by download attack falls in the 2nd category, whereby the user consents to downloading the file without fully understanding the repercussions.
Eris Ransomware
Back in June 2019, nao_sec from Bleeping Computer discovered that Eris Ransomware was being delivered using drive-by downloads. The PopCash ad network was used to set up a malvertising campaign and drive visitors to malicious websites infected with the RIG Exploit code.
The kit’s main goal was to find vulnerabilities in Shockwave and deliver Eris Ransomware to the victims, before finally encrypting all files and important data and demanding a ransom payment.
How to Prevent Drive-by Download Attacks?
You need to understand what a drive-by download attack is and how to spot one coming from miles away.
1. Update your browser
Keep in mind, you will always be the first line of defense against cybercriminals targeting your website. To safeguard your site from drive-by downloads, ensure that all components such as themes, plugins, and other add-ons are kept up to date.
Why?
Most successful drive-by download attacks take place through browsers. If you haven’t updated your browsers in weeks, it’s time to do it now.
Unfortunately, many people do not update their operating systems including programs such as Internet Explorer, Edge, Chrome, Firefox and Safari. As a result, they end up getting attacked by ransomware on their systems.
Many people don’t seem to realize that updates are crucial to keep your software working for a long period of time without interrupting your day-to-day work. Beyond the changes you may find annoying, each update delivers a lot of corrections.
Take time to frequently remove unsupported or outdated components such as old software that doesn’t have the latest security patches. It’s also important to ensure that your site uses the latest protective web security software and always uses strong usernames and passwords for logging into your admin accounts.
To give you an example of how critical it is for people to update their programs, Avast conducted a survey of 163 million computers in 2019. Shockingly, 55% of those surveyed had outdated programs. That explains a big reason why ransomware attacks and drive-by downloads will continue soaring in popularity among cybercriminals.
2. Limit the programs you use
As an average computer user, what programs do you use on a daily basis? Office? Chrome? Firefox? Adobe?
The more programs and add-ons you use, the higher your chances of getting compromised are. There is no mysticism involved.
Instead of bloating your computer with unnecessary software, keep it simple and install only the software you really need. If you don’t need an application anymore, it’s better to uninstall it than to keep using it without updating it.
3. Only download from reputable websites
While drive-by downloads exist on legitimate websites, they are commonly found on sites that provide torrents and hacked software. If you are downloading hacked software, you already have bad intentions and hackers aren’t going to spare you anyway.
4. Remain vigilant of pop up ads and notifications
If your antivirus program alerts you to a virus, it’s important that you check and make sure the alert really is coming from a reliable source. If the source is a web browser, do not click on any attachment, because it could be a trick to lure you into a drive-by download.
5. Beware of links and attachments in emails
Just like you have to be 100% certain that any virus notification is coming from your antivirus, the same is true for email links and attachments. You should not proceed with clicking on any link or attachment if you are not 100% certain of where it’s coming from.
You will also receive emails out of the blue, such as the obvious Nigerian 419 scams and shipment confirmation invoice schemes.
Just think about it for a second. Why would anyone in the world email you to save them from their cruel father in exchange for a $20 million payment?
6. Use a Script-Blocking Service
If you browse any website without a script-blocking service, all JavaScript, Flash and other code can run without your permission. But if you install a script-blocking service like NoScript, you can easily block any script from executing.
And while disabling the scripts is a surefire way of minimizing your chances of getting compromised, it also reduces the website’s functionality and user experience. It is up to you to determine what you want to allow by blocking and allowing certain scripts.
Conclusion
There is no 100% guaranteed way to remain safe online. But the steps provided in this article should be enough to improve your chances of remaining secure and educated while working online.