Threat actors may prepare an operational environment to infect systems that visit a website over the normal course of browsing. Endpoint systems may be compromised through browsing to adversary controlled sites, as in Drive-by Compromise. In such cases, the user's web browser is typically targeted for exploitation (often not requiring any extra user interaction once landing on the site), but Threat actors may also set up websites for non-exploitation behavior such as Application Access Token. Prior to Drive-by Compromise, Threat actors must stage resources needed to deliver that exploit to users who browse to an adversary controlled site. Drive-by content can be staged on adversary controlled infrastructure that has been acquired (Acquire Infrastructure) or previously compromised (Compromise Infrastructure).
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.