There’s no denying the convenience of online shopping. In 2021 alone, 2.14 billion consumers shopped online to find the best prices and have packages delivered right to their door. The online shopping experience will continue to flourish this holiday season, and around the world, countless people will shop online without thinking twice about the websites they’re spending time on.
But doing so can be costly as cyber criminals are becoming deceptively more creative with ways to manipulate and capture website visitors. There are likely to be more inconspicuously dangerous sites during the holidays, and legitimate websites can also fall victim to cyberattacks. If you happen to visit a website that’s been compromised, your computer can quickly be infected by cyber criminals implementing a popular drive-by download attack.
Drive-by downloads are one of the most common methods used by cyber criminals to install malware and gain unauthorized access to your device, so knowing how they work and what steps you can take to avoid them is essential. Here, we’ll look at what a drive-by download is, types of attacks, and how to stay protected this holiday season.
What Is A Drive-By Download?
When a computer becomes infected with malicious software just by visiting a website, it’s known as a drive-by download. The user doesn’t have to stop or click anywhere on the page, so simply visiting the page is enough to cause an infection. Most types of drive-by downloads take advantage of vulnerabilities in web browsers, operating systems, or file editors and viewers like Microsoft Office and Adobe Flash.
When a user visits the infected webpage, the malicious elements are triggered and exploit a vulnerability in part of the software stack on the user’s computer. Malicious files are then downloaded silently onto the user’s device, giving the hacker complete control over the device. Hackers then have the ability to extract passwords or other potential sensitive information from the device.
Types Of Drive-By Downloads
Hackers can use a variety of malicious applications to hack a victim’s device, including:
- Trojan horses. These provide remote control of the user’s device, usually through backdoors or rootkits.
- Ransomware. Allows the attacker to encrypt or destroy data on the device.
- Botnet toolkits. Attackers may directly install botnet applications that perform actions like sending spam emails.
- Droppers. Malware built to load more malware without being detected.
- Man in the middle tools. Also known as MitM, these tools enable attackers to eavesdrop on the user’s communications, insert data into forms, hijack sessions, and steal credentials.
- Keyloggers. These perform keystroke capturing that allows the hacker to gain access to passwords and other sensitive information.
- Data transfer. Tools that allow the transfer of sensitive data to its control center.
How A Drive-By Download Attack Unfolds
The growing complexity of internet browsers are contributing to the increase in drive-by download attacks, as the number of plug-ins, add-ons, and browser versions continually rises. This means there are more weaknesses for cybercriminals to exploit—especially during the holiday season, when more retailers are creating new websites, offering online deals, and putting additional time and effort into building their online presence. – Read more
Learn More About SiteLock