Drive-by Compromise

As described by Drive-by Compromise, a drive-by compromise is when an adversary gains access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is targeted for exploitation. For example, a website may contain malicious media content intended to exploit vulnerabilities in media parsers as demonstrated by the Android Stagefright vulnerability [1].

(This technique was formerly known as Malicious Web Content. It has been renamed to better align with ATT&CK for Enterprise.)

ID: T1456

Tactic Type:  Post-Adversary Device Access

Tactic: Initial Access

Platform:  Android, iOS

MTC ID:  CEL-22

Version: 1.0

Mitigations

MitigationDescription
Security Updates
Use Recent OS Version

Examples

NameDescription
Pegasus for iOS

Pegasus for iOS was distributed through a web site by exploiting vulnerabilities in the Safari web browser on iOS devices.[2]

Stealth Mango

Stealth Mango is delivered via a a watering hole website that mimics the third-party Android app store APKMonk. In at least one case, the watering hole URL was distributed through Facebook Messenger.[3]

References