Securing Browser Access: The Doorways to Sensitive Data
According to a report from McAfee, Dissecting the Top Five Network Attack Methods: A Thief’s Perspective (PDF), the top network attack methods include network abuse (42 percent) and browser attacks (36 percent).
The report also revealed an 87 percent growth in suspicious URLs in the last year, that is, spoofed sites launched to support phishing attacks that attempt to fool users into downloading malware or giving away personal information, like passwords or credit card numbers. An additional 62 million brute force attacks were detected in 2014, showing that passwords are major targets.
Browsers are seen as doors to your internal networks and systems, the reason behind attack methods such as phishing emails, social engineering and drive-by malware downloads that use the browser to steal passwords.
In turn, they can log into your accounts and bypass any detection tools by posing as a legitimate user, transferring money to different accounts or downloading tons of sensitive data to their servers.
Modern Browser Attacks
A recent phishing attack is now targeting users of Microsoft’s latest operating system, Windows 10. Attackers are sending emails that appear to be from Microsoft, equipped with ransomware attachments that will encrypt their files until the user sends Bitcoin to the attackers, according to a Cisco blog. As long as users fall for phishing emails, attackers will continue to send them.
Another recent browser attack drops a new version of the RIG exploit kit (3.0), which has infected about 1.25 million users. According to Trustwave research, nearly 90 percent of the traffic delivered to RIG can be traced back to several malicious ad campaigns. That means when a user clicks on an online ad, they’re infected by the malware - also called malvertising.
Attackers leveraged cheap ad providers, allowing them to selectively target who their ads get shown to, which is ideal as RIG only targets users of Microsoft’s Internet Explorer browser. RIG is exploiting a few known vulnerabilities that have been patched already, including Adobe Flash (CVE-2015-5122) and Microsoft’s Object Linking and Embedding (OLE) library, according to eWeek.com. That means people that haven’t updated their browsers or plugins could be susceptible to these browser-based attacks.
Users can avoid browser attacks in a few ways, including ensuring that browser plugins and browsers are all up-to-date, as well as enabling click-to-play in your browser (prevents plugin content from playing automatically, or downloading malware onto your computer automatically).
Exploiting Bring Your Own Device (BYOD)
Another method referenced is stealthy attacks - that is, advanced and complex threats that enables attackers to steal intellectual property. While these types of attacks can take months to build while they research and map out your infrastructure and network, they may also target personal devices to actually penetrate your network.
BYOD (Bring Your Own Device) is also a target of attackers, as they’re often not maintained or controlled by administrators, therefore they’re less protected. Employees don’t typically want to install work-related security agents or apps on their phones due to privacy concerns.
When seeking a security solution to manage your devices and browser authentication, choose one that doesn’t collect personal info and invade your employees’ privacy, but still provides visibility and security against modern browser attacks.
With two-factor authentication, you can stop attackers that use browsers to gain access to your systems or network via stolen passwords. Two-factor authentication requires the use of your personal device, like a smartphone, to verify your identity a second time (the first being your username/password).
An advanced two-factor solution also offers the ability to track all of the devices that authenticate into your network, showing you detailed information about what type and versions of browsers used - without the use of an agent, quelling employee privacy concerns. Plus, you can see if your users are using jailbroken or rooted devices to authenticate, which can be susceptible to vulnerabilities and present a potential risk to your organization’s security health.
Device Visibility - Key to Tightening Up Endpoint Security
Attackers deliver exploit kits and malware via links and attachments, accessed over a user’s browser. But those exploits typically depend on leveraging known vulnerabilities found in certain outdated plugins and software running on a user’s browser, such as Flash and Java.
For companies that want more visibility into their users’ browsers, including type, version, plugins, and more, Duo Access provides advanced security features beyond just two-factor authentication. Get a quick overview of your dashboard and see which users have Flash and Java enabled/installed on their devices, so you can take action to reduce your security risk profile.