The criminal in your browser is real
by Mickey Boodaei - CEO Trusteer - Monday, 27 December 2010.
As attack opportunities continue to multiply, so does malware sophistication. An example of such ingenuity was witnessed in early 2010. The Aurora attack, targeting Google, Adobe and another 32 companies, demonstrated unprecedented malware sophistication. It used multiple coordinated malware packages, several layers of encryption and various browser and operating system vulnerabilities, demonstrating the power of today’s malware.

The fact that the entire attack went completely under the victims’ radar makes this even more serious. Advanced Persistent Threats, coordinated long-term attack activity targeted at specific enterprises, are not uncommon in today’s IT environment.

Proof of such attacks targeting the enterprise is already being seen. We recently decrypted an attack on the popular Citrix Access Gateway where Zeus was instructed to take a screenshot every time the left mouse button is clicked while the URL includes the term “/citrix/”. This attack defeats Citrix’s virtual keyboard solution, which was created to bypass keyloggers by replacing keystrokes with mouse clicks. It proves that criminals, such as those behind Zeus, are specifically targeting remote access connections into secure networks and going after intellectual property and other sensitive data contained within company IT networks and applications.

With modern malware efficiently written by professionals and designed to be robust, organizations need to think outside the box if they’re to stand a chance of shielding their assets.

Don’t trust the device, trust the session

Enterprises need to acknowledge and counteract the point of attack, the browser, if they’re to stand a chance of protecting confidential enterprise data. A solution that can effectively secure access to enterprise networks from potentially insecure endpoint devices is needed.

Such a solution would consist of technology that creates a virtual firewall of sorts inside the user’s computer. Intuitively activated when the user connects to enterprise networks and applications, this potential technology would separate enterprise-related sessions from any others taking place on the machine.

Malware and exploitable vulnerabilities would be prevented from bypassing this virtual firewall and influencing protected web sessions with the enterprise. When a malware-infected machine tries to communicate with the enterprise, it should be identified and the malware should automatically be removed before authenticating the device to all the enterprise systems.

Such technology should include keystroke encryption to evade keyloggers, communication protection to guard against unauthorized modifications, browser process and add-on protection, as well as API blocking to prevent unauthorized access.

The enterprise is increasingly becoming a target of sophisticated, stealthy new malware that uses the enterprise’s own employees, partners and contractors as weapons. With five percent of endpoint devices estimated to be infected by botnets and other sophisticated malware, can you afford to leave the door to the enterprise unguarded? The man in the browser is out there, waiting to be invited in, so make sure you slam the door in his face.

