A 'drive-by cyber attack' or 'drive-by download' is now a very popular technique among hackers and bad actors, designed to install malware on an unsuspecting user's PC when they visit an infected website.
It targets the victim through their internet browser, either by luring them to a malicious website set up by criminals, or when they visit what would normally be a perfectly legitimate website that has recently been compromised by hackers for the purpose of attacking visitors.
How does a drive-by cyber attack actually work?
Just like other cyber attacks such as phishing emails, a drive-by cyber attack requires you to click on a link that takes you to where the attacker wants you to go.
This link may come through an ad or pop-up that then redirects you to a malicious site or infects your PC directly. If the hacker has taken enough control of a legitimate website, this can be hard to spot.
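From the other side of the problem, the operator of a legitimate site wants to notice when their own pages have started serving something they did not publish. The following is an added example, not code from the original article: a small heuristic scan in Python's standard library that flags hidden iframes, scripts or frames loaded from hosts outside the site's own trusted list, and inline scripts carrying common obfuscation markers. The trusted-host list, the marker list and the sample page (hosts under the reserved .test domain) are constructed for illustration and would be tuned by the operator.

```python
"""Heuristic integrity check for a site's own HTML pages.

Added example (not from the original article). Assumptions: the site operator
knows which hosts legitimately serve its scripts and frames (TRUSTED_HOSTS),
and the OBFUSCATION_MARKERS list is a starting point to be tuned locally.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-script fragments that often indicate obfuscated injected code.
OBFUSCATION_MARKERS = ("eval(", "unescape(", "fromCharCode(", "document.write(")


class _InjectionScanner(HTMLParser):
    """Walks the HTML once and records suspicious elements as (kind, detail)."""

    def __init__(self, trusted_hosts):
        super().__init__()
        self.trusted = {h.lower() for h in trusted_hosts}
        self.findings = []
        self._in_script = False
        self._script_buf = []

    def _external(self, url):
        # Relative URLs have no hostname and are treated as the site's own.
        host = urlparse(url).hostname
        return host is not None and host.lower() not in self.trusted

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            hidden = (
                a.get("width", "").strip() in ("0", "1")
                or a.get("height", "").strip() in ("0", "1")
                or "display:none" in style
                or "visibility:hidden" in style
            )
            if hidden:
                self.findings.append(("hidden_iframe", a.get("src", "")))
            elif self._external(a.get("src", "")):
                self.findings.append(("external_iframe", a.get("src", "")))
        elif tag == "script":
            src = a.get("src", "")
            if src:
                if self._external(src):
                    self.findings.append(("external_script", src))
            else:
                # Inline script: buffer its body until the closing tag.
                self._in_script = True
                self._script_buf = []

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._script_buf)
            hits = [m for m in OBFUSCATION_MARKERS if m in body]
            if hits:
                self.findings.append(("obfuscated_inline_script", ",".join(hits)))


def find_injected_content(html, trusted_hosts):
    """Return a list of (kind, detail) findings for one HTML document."""
    scanner = _InjectionScanner(trusted_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: the site's own CDN script and a plain inline
# script are expected; the zero-size iframe, the unknown third-party loader
# and the eval/unescape inline block are what an operator wants flagged.
TRUSTED_HOSTS = ["example-shop.test", "cdn.example-shop.test"]
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.example-shop.test/app.js"></script>
<script>var x = "harmless inline code";</script>
</head><body>
<h1>Welcome</h1>
<iframe src="https://unknown-host.test/frame" width="0" height="0"></iframe>
<script src="https://unknown-host.test/loader.js"></script>
<script>eval(unescape("%66%6f%6f"));</script>
</body></html>
"""

if __name__ == "__main__":
    for kind, detail in find_injected_content(SAMPLE_HTML, TRUSTED_HOSTS):
        print(f"{kind}: {detail}")
```

Run against a copy of each page as fetched from the live site (not the version in source control), since the point is to catch content added after deployment; anything flagged is a prompt to compare against the deployed files, not proof of compromise on its own.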
What sites are most at risk?
It is no longer the case that you will only attract this kind of attack by visiting lesser-known or 'dodgy' websites. In fact, hackers prefer using well-established, high-traffic websites to conduct their attacks.
According to a 2012 study by Barracuda Labs, over 50% of all sites serving drive-by downloads were more than five years old. The same study also found that 25,000 of the world’s most visited sites infected 10.5 million people with drive-by downloads in just one month.
What type of malware can you get?
Drive-by attacks are particularly concerning because they can install a wide range of malicious files on your computer, ranging from spyware, viruses and keyloggers to trojans, remote-access tools and more.
However, among the favourite tools that hackers use in drive-by attacks are banking trojans and ransomware. These enable the actor to access and steal an individual's or a company's online banking credentials, which they then use to hijack the account. This can have devastating consequences:
- A hacker may try to perform fraudulent wire transfers to steal from the account. Financial losses incurred in this way are often not covered by banks.
- They may go through the computer and lock up any files they can find behind an encrypted wall. The hacker will then demand a (sometimes considerable) amount of money to unlock the files, which they may not do even if you have paid the ransom.
- They may prevent access to the computer itself. In most cases the only way to recover is to wipe the computer and lose everything on it.
None of these outcomes is attractive, and in reality all of them can be easily prevented.
How can I protect myself and my company against a drive-by cyber attack?
The simplest way to protect against a drive-by cyber attack is to keep your web browser and key programmes updated with the latest security patches. In addition, running script-blocking plugins (such as ScriptSafe, NoScript or Adblock Plus) that block pop-ups and malicious scripts is a useful safeguard.
In addition, there are more structured and organised measures that company IT departments use to protect their users from this type of attack.
These include ensuring that not everyone on the network is running on the same server, and restricting the number of people in the office who have administrative access to systems. Segmenting the network and controlling access in this way can help to prevent an infection from spreading should one arise.
Running antivirus and malware-detection programmes regularly and backing up company data to external hard drives will also help, and trying to ensure that people save as few files as possible on the local storage of their computers is also good practice.
Finally, personal use of company computers should be discouraged as an active company policy, so that a banking account is not accessed from the same computer that is used to surf the web; this limits exposure to malware like banking trojans.