The criminal in your browser is real
by Mickey Boodaei - CEO Trusteer - Monday, 27 December 2010.
Evidence is everywhere that cyber criminals exist, and they’re able to make a substantial living from their illegal activities. While it is true that many are focusing their efforts on individuals, others have their sights set much higher. They are targeting enterprises to steal their highly prized intellectual property, log-in credentials, financial data and other sensitive information that resides within the once safe confines of the corporate network or in web applications.

Numerous articles have been written on why you need to protect this data. Instead we’re going to focus on the business at hand – the "Man in the Browser". How is he getting into enterprise networks and applications and, more importantly, how can you stop him?

The browser has emerged as the weakest link in an enterprise’s security infrastructure. It is being successfully exploited by malware authors and criminals who use this method to steal logon credentials and inject Trojans that crack IT systems wide open, often undetected.

Because these browser sessions often contain the logon details for email systems, VPNs and cloud services such as cloud CRM, the browser is a critical area to secure and lock down without impacting performance.

However, the growing demand for mobility makes this easier said than done. Once upon a time, remote access to enterprise resources was the privilege of a chosen few employees, who used standard computers owned and managed by the enterprise, making security a big, yet ultimately manageable, task. Today such access capabilities have exploded to allow virtually any employee, contractor and partner to gain entry.

The problem is further compounded as these ‘trusted users’ are allowed to choose their laptop and smartphone, as well as utilize their home PC for work purposes and generally control their own IT environment. With more resources for them to access, and in the majority of cases not contained within a protected server farm, they’re literally out there in the wild. It is this adoption of unmanaged home-and-work laptops and personal PCs that has led, in many cases, to malware infestations.

It’s not safe out there

With more than 57,000 new malicious sites created each week, most of which mimic prominent web sites, it’s hard not to stumble upon a spoof site and get infected. As users innocently browse these ‘respectable’ sites, they could inadvertently fall victim to drive-by infections. However, these attacks aren’t just on spoof/phishing sites; they also reside on legitimate websites that have been infected with malware, and the criminals use search engine optimization (SEO) techniques to raise them to the top of search engines to maximize the number of people infected.

In fact, increasingly engineered attacks, such as the recent LinkedIn email phishing campaign, and SEO techniques are being used to ambush individuals and install sophisticated malware such as Zeus, Bugat, and Clampi (to name just a few) on unmanaged computers that operate outside corporate networks.

This modern malware is designed to slip under the radar of traditional anti-virus solutions and to bypass strong authentication technologies like tokens or Network Access Control (NAC) systems. When an infected unmanaged computer accesses enterprise resources via VPN connections and web portals, the malware is able to elude perimeter security mechanisms.

The malware captures all data processed by that browser, including logon credentials and large quantities of sensitive corporate information, and transmits it back to the criminals. All this can be achieved without infecting a single computer within the physical boundaries of the enterprise or setting off alarms.

