Drive-By Download

2nd March 2020 | Cybrary

A Drive-By Download is the unintentional download of malicious code to your computer or mobile device that may compromise your computer leaving you open to further attack by hackers. Many cyber attacks require a user to do something in order to activate an attack, whereas a drive-by download doesn’t rely on the user at all. All that is needed is for an unsuspecting web user to visit a web page is compromised. This could be a recently compromised news website where malicious code is secretly being downloaded in the background to your device.

Recent evidence published by Google’s vulnerability research team Project Zero has shown mobile phone devices can be hacked through drive-by downloads in addition to desktop and laptop computers.

Source: McAfee

A deep dive into iOS Exploit Chains

What does this mean for an SMB?

The most important thing for an SMB to do is to ensure all employees’ web browsers and computer operating systems are fully patched to reduce the likelihood of unwanted malicious installs. Secondly, there are new Domain Name Service (DNS) services from Cisco (Umbrella) and WebRoot which check your DNS requests and block access to known malicious websites automatically. Ask your Managed Service Provider (MSP) if they support deployment of one of these DNS solutions. Thirdly, and equally important to patching is providing awareness training to your employees on how to determine if a website is safe (and many other topics). As of July 2019, all websites should display a lock symbol which means they have registered a Secure Socket Layer (SSL) certificate. This ensures all communications between your computer and that website are securely encrypted. These SSL registries validate a website owner’s identity before issuing an SSL certificate. However, having an SSL certificate is not a guarantee the website hasn’t been compromised. It could still be pushing malware down to user’s computers. What it does allow for is a quick escalation of a compromise to the website owner based upon contact information in their certificate reducing the time they are online after compromise. Finally, there are some safe search plugins available for browsers that provide reputations on websites that are returned in a Web Browser search on Google or Bing; these are called browser extensions. One example is McAfee’s safe searching tool called Web Advisor. Some of these browser extensions can be cumbersome to manage, install, and support, so use this last advice carefully. CyberHoot recommends this for power users rather than the everyday employee.