
Drive-by Downloads: What Are They And How to Fight Back

A drive-by download is a method hackers use to distribute malicious software and compromise your computer, without the user deliberately choosing to download or install anything.

A drive-by download occurs when a user visits a legitimate but compromised website. Malicious code the hacker has placed on the site exploits weaknesses or other security vulnerabilities in the user's web browser or browser plug-ins, allowing malicious files to be downloaded to and run on the user's computer. The attacker's intention is either to steal valuable information or to use your computer as the vehicle for further attacks, such as a denial-of-service attack against others on the internet.

Another form of drive-by download is the 'malvertisement' (malicious advertisement), which is commonly Flash Player based and takes advantage of unpatched software. Masquerading as a legitimate advertiser, the hacker embeds malicious code in an advertisement, which the advertising network then serves on legitimate websites. When a user's browser renders the advertisement, the embedded code exploits the vulnerable software and infects the computer.

Most drive-by downloads load scripts from third-party websites, which are usually operated by the hacker. In the simplest case, the hacker injects an inline frame (iframe) into a legitimate website, typically sized or positioned so that it is invisible to the visitor. When the legitimate website is visited, the iframe silently loads the malicious software hosted on the hacker's own website.
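As an added example (not code from the original article), the following Python script scans a page's HTML for the kind of injected frame just described: iframes and scripts whose src points at a host other than the page's own or an explicit allow-list, flagging frames that are sized or styled to be invisible. The hostnames in the constructed sample page (www.example, cdn.example, attacker.example) and the allow-list are illustrative. It inspects static HTML only; a frame created at runtime by obfuscated JavaScript would have to be checked against the rendered DOM instead.

```python
"""Scan page HTML for injected hidden iframes and third-party scripts.

Added example for this article; not code from the original page. Hostnames
and the sample page are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Style fragments attackers use to keep an injected frame out of sight.
HIDDEN_STYLE_MARKERS = ("display:none", "visibility:hidden", "left:-", "top:-")


def _host(url):
    """Lower-cased hostname of a URL, or '' for relative URLs."""
    return (urlparse(url or "").hostname or "").lower()


def _is_hidden(attrs):
    """True if the element is sized or styled so that the user will not see it."""
    for dim in ("width", "height"):
        value = (attrs.get(dim) or "").strip().lower().rstrip("px")
        if value in ("0", "1"):
            return True
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return any(marker in style for marker in HIDDEN_STYLE_MARKERS)


class InjectionScanner(HTMLParser):
    """Collect iframes and scripts that load from hosts other than the page's own
    or an explicit allow-list (for example a CDN the site legitimately uses)."""

    def __init__(self, page_host, allowed_hosts=()):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts} | {page_host.lower()}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src") or ""
        host = _host(src)
        if not host or host in self.allowed:   # relative, inline, or allow-listed
            return
        if tag == "iframe":
            kind = "hidden third-party iframe" if _is_hidden(attrs) else "third-party iframe"
            self.findings.append((kind, src))
        elif tag == "script":
            self.findings.append(("third-party script", src))


def scan_html(html, page_url, allowed_hosts=()):
    """Return a list of (kind, src) findings for the given page HTML."""
    scanner = InjectionScanner(_host(page_url), allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a legitimate page using an allow-listed CDN, with one
# injected 1x1 iframe positioned off-screen that pulls in the exploit page.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example/jquery.min.js"></script>
</head><body>
<h1>Welcome</h1>
<iframe src="/help.html" width="600" height="400"></iframe>
<iframe src="http://attacker.example/landing.php" width="1" height="1"
        style="position:absolute; left:-9999px;"></iframe>
</body></html>"""

if __name__ == "__main__":
    for kind, src in scan_html(SAMPLE_HTML, "https://www.example/", ["cdn.example"]):
        print(f"{kind}: {src}")
```

Run against the sample page it reports only the off-screen attacker iframe; the CDN script is on the allow-list and the help frame is same-origin. In practice the allow-list should be built from the site's known asset hosts so that any new third-party host stands out.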

Search Engine Optimisation (SEO) is increasingly popular with hackers as a technique used in conjunction with drive-by download exploits. SEO increases a website's visibility in a search engine: generally, the higher or more often a website appears in search results, the more traffic it is likely to receive from the search engine's users. A hacker can use the same techniques to promote their malicious websites in search engines, increasing the chance that users reach the website where the exploit occurs.

Hackers also use malware kits (more commonly called exploit kits), which in simple terms are all-in-one packages obtained from the Dark Web. These kits target specific web browsers and software flaws, including Adobe Reader, Microsoft Internet Explorer and browser plug-ins. The websites that host these kits fingerprint the visiting browser and its plug-in versions, helping the hacker determine which exploits are most likely to work on a user's computer.

How to Fight Back and Reduce Drive-by Downloads

To fight back and reduce the chance of a drive-by download, implement the following strategies:

  1. Implement application white-listing. In our investigations of successful cyber security incidents, application white-listing would often have been the only mitigating strategy able to stop a drive-by download from executing its malicious software.
  2. Keep all systems and applications up to date. Patching operating system and application security vulnerabilities, especially in Java, Flash and browser plug-ins, is a key element in reducing your risk: old versions of applications are the ones drive-by exploits target.
  3. Minimise the use of administrator privileges. Of the 189 critical vulnerabilities reported so far in 2019, 154 (81%) could have been mitigated if the user account had not held administrator rights. Our investigations continue to show that least-privileged access is best practice, and that removing admin rights is one of the leading mitigating factors in keeping our clients' networks and systems safe in the face of accelerating vulnerability disclosures. To reduce your greatest risk, ensure that accounts with domain administrator or local administrator privileges NEVER have access to email; where possible, white-list the websites that administrator accounts can reach, or use a web content filtering solution that the administrator cannot disable.

Organisations should also consider implementing the following additional strategies:

  1. Implement a robust web content filtering solution that inspects the content of all website traffic for potentially malicious downloads and blocks them. Preferably disallow ActiveX, Java, Flash, HTML inline frames and JavaScript, except for white-listed websites.
  2. Implement white-listing for all internet domains you require access to, including HTTPS domains, so that only trusted sites can be accessed by users. This will not stop a compromised legitimate page from loading, but it will prevent the secondary attacker-controlled websites that host the exploit and its payload from being reached.
  3. Install and maintain updated antivirus software capable of scanning internet traffic and detecting exploits. It is highly recommended that any scanning program be externally monitored by a third party to ensure critical alerts or imminent breaches are handled immediately.
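The following Python code is an added example (not the article's or any vendor's code) of the decision logic a content filter would apply for items 1 and 2 above: a domain allow-list, a smaller set of domains permitted to serve active content such as Flash and Java, and inspection of the response body's leading bytes so that an executable served with a misleading Content-Type is still blocked. The domain names, allow-lists and sample responses are constructed for illustration.

```python
"""Content-filter decision logic: domain allow-list plus payload sniffing.

Added example; not the article's own code. The domain names, allow-lists
and sample responses below are constructed for illustration.
"""
from urllib.parse import urlparse

# Domains users may reach at all (the domain white-list of item 2).
ALLOWED_DOMAINS = {"intranet.example", "vendor.example", "cdn.example"}
# Subset additionally permitted to serve active content such as Flash or Java
# (item 1: disallow such content "except for white-listed websites").
ACTIVE_CONTENT_DOMAINS = {"intranet.example"}

# Leading bytes of formats a drive-by payload usually arrives as. The body is
# sniffed rather than trusting Content-Type, because an attacker-controlled
# server sets that header to whatever gets the payload through.
MAGIC = (
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"FWS", "flash-swf"),
    (b"CWS", "flash-swf"),
    (b"ZWS", "flash-swf"),
    (b"\xca\xfe\xba\xbe", "java-class"),
    (b"PK\x03\x04", "zip-or-jar"),
)
ALWAYS_BLOCK = {"pe-executable", "elf-executable"}        # never a legitimate page asset
ACTIVE_ONLY = {"flash-swf", "java-class", "zip-or-jar"}  # only from ACTIVE_CONTENT_DOMAINS


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _matches(host, domains):
    """True if host equals, or is a subdomain of, any entry in domains."""
    return any(host == d or host.endswith("." + d) for d in domains)


def sniff(body):
    """Identify the real payload type from its leading bytes, or None if unknown."""
    for magic, label in MAGIC:
        if body.startswith(magic):
            return label
    return None


def decide(url, content_type, body):
    """Return (action, reason) for one HTTP response; action is 'allow' or 'block'."""
    host = _host(url)
    if not _matches(host, ALLOWED_DOMAINS):
        return "block", f"{host} is not on the domain allow-list"
    label = sniff(body)
    if label in ALWAYS_BLOCK:
        return "block", f"{label} served as {content_type}"
    if label in ACTIVE_ONLY and not _matches(host, ACTIVE_CONTENT_DOMAINS):
        return "block", f"{label} is only permitted from active-content domains"
    return "allow", "passed"


# Constructed sample traffic; bodies are only the leading bytes of each response.
SAMPLE_TRAFFIC = [
    ("https://vendor.example/logo.gif", "image/gif", b"GIF89a..."),
    ("https://cdn.example/player.swf", "application/x-shockwave-flash", b"CWS\x0a..."),
    ("https://intranet.example/app.swf", "application/x-shockwave-flash", b"CWS\x0a..."),
    ("https://vendor.example/banner.gif", "image/gif", b"MZ\x90\x00..."),   # EXE disguised as an image
    ("http://attacker.example/landing.php", "text/html", b"<html>"),
]


def run(traffic=SAMPLE_TRAFFIC):
    """Apply decide() to each (url, content_type, body) and return (url, action, reason)."""
    return [(url, *decide(url, ctype, body)) for url, ctype, body in traffic]


if __name__ == "__main__":
    for url, action, reason in run():
        print(f"{action:5} {url}  ({reason})")
```

On the sample traffic the filter allows the vendor's GIF and the intranet's Flash file, blocks the same Flash file when it comes from the CDN, blocks the "image" whose body is actually a Windows executable, and blocks the attacker's landing page outright because its domain is not on the allow-list. Note that this works only on decrypted content, so HTTPS traffic must be inspected by the filter as well.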
