What is a drive-by download attack and how can we prevent it?
A drive-by download attack is a form of malware attack in which malicious software installs itself on a computing device without the knowledge or consent of the user when they visit a website. The installation may involve an infected file attachment or a malicious link to a website that deploys malware to the target system without the user even clicking on the malicious content. The term also refers to an unintentional download of malicious content onto a computer system or mobile device, which may expose users to various types of security threats and risks. The malicious code or payload is designed to download malicious content onto the victim's workstation without the user's awareness. It takes advantage of plug-ins, applications, vulnerable operating systems or web browsers that contain security flaws resulting from a lack of updates and patches.
The purpose of a drive-by download attack is to steal and collect sensitive personal information, spy on individuals or organizations, inject Trojan horses, install keyloggers, and deploy other malware that has the potential to infect and compromise enterprise systems. It involves an involuntary download of malicious code, software, content or files onto a computer system.
Some of the best methods to prevent drive-by download attacks include the following:
- Deploy web security protection software
- Update all website components
- Disable or remove any outdated services
- Use strong and complex passwords
- Avoid using privileged accounts for day-to-day tasks
- Deploy firewalls
- Install web filtering software
- Establish threat intelligence and threat hunting feeds
- Deploy an endpoint detection and response (EDR) solution
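
One check that web filtering can apply to the "without the user even clicking" behaviour described above, as an added example that is not part of the original article: it flags executable responses that were not started by a user-activated navigation, using the browser's `Sec-Fetch-User` request header. The log format, field names and sample lines are constructed assumptions.

```python
import json

# Constructed proxy-log lines (one JSON object each); field names are assumptions.
# "magic" holds the first two response-body bytes in hex.
SAMPLE_LOG = """\
{"host":"cdn.example.test","path":"/setup.exe","ctype":"application/x-msdownload","magic":"4d5a","sec_fetch_site":"same-origin","sec_fetch_user":"?1"}
{"host":"ads.example.test","path":"/banner.jpg","ctype":"image/jpeg","magic":"4d5a","sec_fetch_site":"cross-site","sec_fetch_user":null}
{"host":"news.example.test","path":"/logo.png","ctype":"image/png","magic":"8950","sec_fetch_site":"same-origin","sec_fetch_user":null}
{"host":"old.example.test","path":"/update.msi","ctype":"application/octet-stream","magic":"d0cf","sec_fetch_site":null,"sec_fetch_user":null}
"""

EXEC_TYPES = {"application/x-msdownload", "application/x-msi",
              "application/vnd.microsoft.portable-executable"}
EXEC_EXTS = (".exe", ".msi", ".dll", ".scr", ".jar", ".hta")
EXEC_MAGIC = {"4d5a", "d0cf", "7f45"}  # PE "MZ", OLE2 (MSI), ELF


def is_executable(rec):
    """True if declared type, file extension or body magic marks an executable."""
    return (rec["ctype"] in EXEC_TYPES
            or rec["path"].lower().endswith(EXEC_EXTS)
            or rec["magic"] in EXEC_MAGIC)


def classify(rec):
    """Return 'ok', 'review' or 'block' for one logged response."""
    if not is_executable(rec):
        return "ok"
    if rec["sec_fetch_site"] is None:
        # Client sent no Fetch Metadata (older browser or non-browser tool):
        # user intent is unknown, so queue for an analyst instead of blocking.
        return "review"
    disguised = rec["ctype"].startswith(("image/", "text/"))
    if rec["sec_fetch_user"] != "?1" or disguised:
        # Executable delivered with no user-activated navigation, or hidden
        # behind a harmless-looking content type.
        return "block"
    return "ok"  # user explicitly started this download; not a drive-by


def scan(log_text):
    """Return (url, verdict) for every log line that is not 'ok'."""
    hits = []
    for line in log_text.splitlines():
        rec = json.loads(line)
        verdict = classify(rec)
        if verdict != "ok":
            hits.append((rec["host"] + rec["path"], verdict))
    return hits


if __name__ == "__main__":
    for url, verdict in scan(SAMPLE_LOG):
        print(verdict, url)
```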