Attacks & Threats
Drive-by Download
Also known as: Drive-by attack
Definition
An attack in which malware is silently installed on a victim's device simply by visiting a compromised or malicious website.
Examples
- A user visits a compromised news site whose exploit kit installs ransomware without any click.
- Malicious advertising redirects the browser to an exploit landing page that drops an info-stealer.
Related terms
Malvertising
The use of online advertising networks to distribute malware, exploits, or scams via legitimate-looking ads served on trusted websites.
Watering Hole Attack
A targeted attack that compromises a website frequently visited by a specific group of users in order to infect them when they browse it.
Exploit
A piece of code, data, or technique that takes advantage of a vulnerability to cause unintended behaviour such as code execution, privilege escalation, or information disclosure.
Malware
Any software intentionally designed to disrupt, damage, or gain unauthorized access to computers, networks, or data.
Ransomware
Malware that encrypts a victim's data or locks systems and demands payment in exchange for restoring access.
Cross-Site Scripting (XSS)
A web vulnerability that allows attackers to inject malicious scripts into pages viewed by other users, executing in the victim's browser under the site's origin.