What to Know About Drive-By Downloads
January 13, 2021 by
As we’ve learned before, there are many ways hackers can get to your valuable data. From under-the-radar location tracking, to sophisticated in-person and online social engineering and phishing attempts, to full-blown ransomware attacks, and more. Cybercriminals are always on the move to carry out bigger, better, and more impactful attacks to get what they want.
Unfortunately, more times than not, employees and executives who aren’t aware of the risks they face when online don’t fully understand why being vigilant matters. Many folks don’t see harm in reusing the same password on multiple accounts. Or worse, some don’t even pay attention if an account gets compromised … especially if they don’t use it often. That’s why it’s important to stay educated and be cyber aware.
Today, let’s dive in to drive-by downloads.
What are drive-by downloads?
A clever way hackers can obtain your data is through drive-by downloads. This occurs when a user visits a malicious website or clicks a malicious URL, and malware is installed on to their machine. For example, many websites require Flash Player to run. However, if you happen to unknowingly be on a malicious website and it asks you to download something (like Flash Player), you may think it’s necessary and just download it. Instead, it will download malware – and not Flash Player on to your machine. In this case, though, technically you authorized the download.
The other type of drive-by download is when it’s completely unauthorized, without any notifications. In the case of the Flash Player example, you wouldn’t even get the pop-up notification asking for permission to download the program – it would just attempt to download to your device on its own.
Drive-by downloads work in five stages: entry point, distribution, exploit, infection, and execution. Let’s take a look at what happens at each stage.
How can you prevent a drive-by download from happening to you?
Drive-by downloads can occur when browsing the web, so it’s important to be cautious of what websites you’re visiting. The best solution to prevent a drive-by download is to stay away from suspicious or unfamiliar sites. That is easier said than done, though, because hackers continue to become more sophisticated with their tactics.
With a good eye, it’s often simple to distinguish the good from the bad. Before clicking on a link, always hover over it to see the real URL. Often, hackers will make the text seem legitimate, but the URL itself will reveal inconsistencies that are clues that the site is dangerous.
Another helpful trick is to follow the forward slash two dots back trick. To find out the real URL, look for the first forward slash, and then follow it two dots back. Whatever is in the area between the forward slash and the two dots is the site you’re actually going to.
Those sneaky hackers!
As you’ve learned today, hackers are clever and can fool even the most cautious people. It’s important to stay alert when browsing the web. If something is unfamiliar or it gives you a bad gut feeling, stay away from it! Being cautious will help immensely when protecting yourself from cybercriminals.
- Entry Point – This is how you get to the compromised site in the first place. Either by clicking on a URL in an email or an online ad, you navigate to the malicious site. In order to improve their odds, hackers often compromise legitimate sites – like a local news site or a WordPress blog – and tempt you to click on a malicious link they have inserted into that site.
- Distribution – Distribution is when you are redirected from the original site to another that is typically owned by the hacker and hosts an exploit kit.
- Exploit – Next, the exploit kit will look for any known vulnerabilities in your operating system or applications. For example, if your operating system hasn’t been updated with the latest security patches, that could be the weak point that a hacker takes advantage of.
- Infection – Once a vulnerability is identified, it is used to download and install malware.
- Execution – When your device is infected, they will try to execute their plan accordingly – whether that’s getting access to the rest of the network, delivering ransomware, or stealing credentials.