In another of our cyber security spotlight blogs we’re taking a look at Drive-by Attacks (also known as Drive-by Download Attacks) to help you understand this particular type of common cyber-attack and how to avoid it.
What is it?
Drive-by attacks are nothing new, in fact they’ve been around for quite a while however, their popularity among cyber criminals is on the rise in recent times and there is a good reason why. Drive-by attacks are incredibly simple and make it easy for hackers to negatively impact businesses using two especially virulent types of malware: trojans and ransomware. So, what actually is a drive-by attack? Well in a nutshell, a drive-by attack is one that targets an individual through their internet browser, installing malware on their machine or device as soon as they visit a compromised website. They key thing to note here, is that a user does not necessarily need to “do” anything in order to actively enable the attack. Just visiting a compromised website is enough.
How does it work?
A drive by attack works in two main ways. One, a user is tricked into visiting a malicious website set up directly by cyber criminals or two, a victim visits a perfectly legitimate website that’s unknowingly been compromised by hackers. The user’s browser is then either infected with malware directly or the user is redirected to a malicious website and is then infected. As we mentioned above, the two main types of malware that’s typically installed through drive-by attacks are trojans and ransomware however it could be any other kind of virus, spyware or malware in general that gets installed.
In the case of method number two, whereby a user visits a perfectly legitimate website and falls victim to an attack, it’s typically very high traffic websites that hackers like to use to perfect this version of a drive-by attack. Some websites that have fallen foul of this kind of attack in the past include the likes of the New York Times and Microsoft, so beware.
How can you protect against it?
Thankfully, there are some simple steps that your business can take to help protect staff from drive-by attacks. First and foremost, and as we keep mentioning here on the Dynamic Networks blog; install all the latest security patches for any web browsers and programmes that are in use and keep any other cyber security software up to date. Script-blocking plugins are also a good idea to avoid malicious scripts and pop-ups. Regularly back-up key business data on external hard drives, not connected to the network where possible too and then at least is an attack is successful, your business data is easily recovered.
And last but by no means least, and the very reason behind our latest blog series on cyber-attacks, keep your staff educated on how these attacks work and what to be aware of. As the saying goes, forewarned is forearmed.
So, there you have it, a mini overview of Drive-by Attacks and how to avoid them. If you think your business needs better cyber security don’t rest on your laurels, contact our team today.
Dynamic Insights & Advice
Dynamic Networks Group Continues Its Expansion
Dynamic Networks Group continues its expansion with the acquisition of Peak Support Services Ltd, a Derbyshire based Cloud MSP.
Dynamic Networks completes a Management Buyout and commences its acquisition strategy
David Smith (CEO) and Gareth Leece (COO) have successfully completed an MBO of Dynamic Networks, working with Paul Landsman of Kingland Capital. The MBO provides for a simplification of the Board structure to allow for its continued accelerated growth strategy.
10 reasons to archive your business emails in the cloud
For most organisations, email has become an essential part of daily workflow and communications. However, many businesses are unaware of the importance of archiving their emails and having an email retention strategy.
Planning a successful migration to the cloud
Moving to the cloud comes with multiple benefits. For most businesses, it usually means reducing running costs, faster modernisation capabilities and increased security.
2021 IT trends your business should be thinking about
Here are our top IT trends and predictions your business should be thinking about now to prepare for 2021.
The end of Skype for Business is closer than you think...
Microsoft have recently announced that Skype for Business Online will be retiring on July 31, 2021.