Like a Moth to a Flame: Why the Browser Is Such a Tempting Target


As part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories, Tal Zamir of Perception Point shines a light on the browser, and why browser-based threats are pulled to it like a moth to a flame.

Chrome, Safari, Firefox, and Edge – internet web browsers are so ubiquitous and essential to our personal and professional lives that we hardly give them a second thought. For enterprises, they are the backbone of day-to-day productivity, serving as the launch pad for many critical web applications and collaboration tools. But their key functions and widespread use make them a prime target for hackers, and growing digitization and remote work conditions have made web browsers even more susceptible to cyber-attacks. Yet their security architecture has remained mostly unchanged.

Re-Evaluating The Importance of Browser Security


What exactly should enterprises be looking for in their security solutions to ensure their workers and assets stay safe from browser-based threats?

Challenges and Defenses of Browser-Based Threats

In the wake of the pandemic, hybrid work models have become increasingly common. But supporting remote work at scale means offering SaaS alternatives that enable employees to work from home on their own devices. However, these web-based SaaS apps often lack the data loss prevention (DLP) controls designed to stop users from sending sensitive information outside the corporate network. Enterprises suddenly have much less control over how their employees handle company assets.

What’s more, threat actors are growing more sophisticated, revealing and exploiting more and more zero-day browser vulnerabilities – security gaps that have yet to be patched by the vendor… and there are a lot of them! Take Chrome, for example, today’s most popular web browser, accounting for 62 percent of the internet browser market share worldwide. Up from just 2 in 2008 and 37 in 2009, the number of known Chrome vulnerabilities spiked to 308 in 2021 and 224 thus far in 2022. Coupled with malicious browser extensions and targeted complex phishing attacks, web-based collaboration tools and proprietary SaaS apps are becoming prime targets for hackers. In fact, this year Chrome reported that several critical zero-day browser vulnerabilities were leveraged by North Korean malicious actors.

Examples of Browser-Based Threats

Advanced phishing campaigns are one classic example of cyber-attacks that have succeeded in breaching countless organizations, including integrated cloud security companies such as Okta and Cloudflare. In July of 2022, Cloudflare employees received phishing texts on their personal or work phones with a link directing them to a spoofed, but convincing, version of Cloudflare’s Okta login page in the user’s default browser. Despite their endpoint and basic SWG detection, the phishing website was sufficiently sophisticated that company security systems failed to catch it before some employees unwittingly entered their usernames and passwords.

Infostealer malware is another common type of hacker tool. One of the latest to be detected is Ducktail, a malware specifically designed to target web browsers. Recent campaigns have targeted individuals and employees with top-tier social network business accounts, convincing them to download malware capable of passing security checks. Once downloaded, the malware automatically scans for browsers, targeting them to steal cookies and data it needs to hijack social network accounts as well as any personal data stores within the browser.

Another common line of attack comes from browser extensions, which are widely used to create a customized and user-friendly experience on both personal and professional systems. Users download a seemingly useful browser extension that has been approved by the Chrome Web Store; the extension lies dormant before waking up and downloading a malicious payload that wasn’t approved by Google reviewers. The malicious payload can then allow threat actors to steal confidential information from Google accounts and even the systems connected to them. This was seen relatively recently when North Korean threat actors deployed malicious extensions, capable of stealing restricted content from Gmail and AOL, on Chromium-based web browsers. Chromium-based browsers account for over 75 percent of web browsers and include Chrome and Edge.

Security Reassessment

The examples above are just some among an endless number of threats to the web browser. To counter the growing impact of these threats, enterprises have introduced a range of defense measures including Endpoint Security Agents (e.g., endpoint protection platforms and endpoint detection and response), Enterprise Browsers, Secure Web Gateways (SWGs), and Remote Browsers. However, this suite of technologies can have certain deficiencies, meaning they are not entirely effective in countering increasingly advanced attacks. A few examples: Endpoint Security Agents generally lack any focus on the browser itself; Enterprise Browsers lack any significant isolation; SWGs have limited detection capabilities; and Remote Browsers often come with latency and introduce compatibility issues for users.

To block growing cyber threats from destabilizing business operations, enterprises need to make sure they adopt solutions that enable safe browsing and deter users from entering dangerous sites or downloading suspicious files. They must also implement sensitive access controls that safeguard valuable web applications when either employees or third parties access them on untrusted devices. Adding to the challenge, enterprises looking to avoid potentially disastrous cybersecurity breaches must seek solutions with browser-specific security features that do not disrupt the user’s workflow and productivity, and instead integrate seamlessly into a company’s existing tech suite. With this in mind, there is burgeoning interest in solutions that pair advanced detection measures with isolation capabilities – processes that confine browsing activity to a secured environment separated from user devices and organizational networks.

Conclusion

The web browser is a critical asset, but there is a sea of browser-based threats willing to exploit its security flaws to compromise enterprises. Enterprises should reassess their browser security controls and consider solutions that maintain the existing browsing experience while adding the necessary additional layers of security that current browsers lack.

Tal Zamir