PODCAST: How web browsers present an attack vector useful to criminal hackers — and business rivals

CERT-LatestNews Malware ThreatsCybercrime ThreatsStrategic

By Byron V. Acohido

Web browsers continue to represent, arguably, the most wide-open attack vector at any given company.

This is because Mozilla Firefox, Google Chrome, Microsoft Explorer and Apple Safari all use a basic architecture ideally suited for a threat actor to manipulate. To put it bluntly, it’s all too easy for an attacker to download malicious code onto an employee’s computer—and then use that infected machine as a foothold to probe deeper into the breached network.

Related article: How ‘software containers’ are improving network security

Thus browser-focused attacks occur 24÷7÷365. While there is no direct way to stop attacks aimed at browsers, it is possible to contain them. I sat down with Lance Cottrell, chief scientist at Ntrepid, supplier of technology that isolates browser sessions inside a virtual machine, so that any malware that gets downloaded is trapped inside a virtual box and can’t attack the rest of the system. A few takeaways:

Lance Cottrell, Ntrepid chief scientist

The vampire quotient. Browsers give firewalls a very hard time. There’s very little control over what’s coming in or going out because it’s user-led. Rather than someone trying to break in, it’s like dealing with a vampire. Every time you click on a link, you invite them into your home. There’s no time or way for the user to scan the content and decide whether it is safe because browsing is a real-time activity.

It’s also very hard to discriminate against intentional and unintentional activity. The user may have wanted to download that PDF or the executable, or it might have happened automatically. It’s why 90 percent of undetected attacks come through the web and why securing it, or at least safeguarding it, is going to become a top priority.

Going beyond blacklisting. IPs known to be the source of attacks are routinely blacklisted. And known good IPs can be whitelisted. But that’s not enough. So now there are ways to carry out browser sessions in a virtualized area. No solution is foolproof. Modern business networks are simply too large and too complex. The overarching goal should be to make sure that if and when a browser does get compromised the rest of the network is protected.

Hackers and spies. It’s not just sneaky cyber criminals using anonymized IP addresses that companies need to be aware of. Law enforcement, for instance, also uses anonymized IP addresses to visit websites while conducting investigations.

And retailers often check the prices of a competitor using anonymized IPs, as well. This is to avoid faked prices a rival may have at the ready to send to any IP address originating at a competitive retailers domain. Retailers are very active in this kind of spy vs. spy competitor intelligence. Financial services companies are most active in the fraud area.

For a deeper dive, please listen to the accompanying podcast.

More stories related to browser security:
Browser security startups insulate users from web-based threats
Though inherently unsafe, companies can still take steps to secure web browsers
VPNs prevent marketers, others from cashing in on your browser history

This article originally appeared on ThirdCertainty.com

PODCAST: How web browsers present an attack vector useful to criminal hackers — and business rivals