Attack Library: Drive-by Attacks

Drive-by Attacks are an increasingly common type of attack, used by threat actors to force the client into performing an action without the consent of the user. The key difference between Drive-by Attacks and other attacks of this nature is that they do not require any user interaction with the malicious content for the attack to be successful, which makes it incredibly difficult for users to identify and avoid this type of threat.

To perform this type of attack, the threat actor will first look for a vulnerable website and inject their own code into pages that are going to be loaded by users. This code is designed to run as the client connects to the website. Depending on the threat actor's intent, it may, for example, tell the client machine to download malware or redirect the user to the threat actor's own malicious website. Drive-by Attacks are not limited to websites: threat actors can also employ this type of attack via email, pop-ups and adverts, relying on the exploitation of unpatched security flaws present in applications, web browsers, browser extensions and operating systems.

To stay better protected from Drive-by Attacks, the best approach is to keep your applications, extensions, browsers and operating system up-to-date with the latest security patches. Threat actors will continue to find new vulnerabilities to exploit, so keeping your systems up-to-date will help to keep you protected from the latest exploits.

Additionally, you should frequently audit your system to identify and remove any unnecessary, unused or unsupported software. This will help to minimise the potential number of vulnerable or unpatched applications that could be used as an attack vector, as well as making it easier for you, as a user, to keep on top of your updates.