Browser-based Attacks ‘Surging’

Virulent viruses and worms aren’t the only things to be watching out for.

Security analysts say browser-based attacks are escalating in frequency and damage. And now

there are numbers to back up the warnings.

The Computing Technology Industry Association, a global trade association based in Oakbrook

Terrace, Ill., reports that a new survey of 900 organizations shows that browser-based

attacks are surging, and may pose the ‘next significant security threat’ to enterprise

networks. The study reports that 36.8 percent of the companies surveyed suffered a browser-based attack in the last six months.

That number is up 25 percent from when the same study was conducted last year.

”Oh, yes. It’s happening,” says George Bakos, a senior security expert at the Institute for Security Technology Studies at Dartmouth College. ”Everyone is using a browser and trusting the browser. I hate to bash Microsoft, but there are so many ways to extract information through a person’s browser.”

These attacks, which are related to the recent spate of phishing scams, use a browser and user system permissions to allow an attacker to gain access to the computer to steal or destroy critical information. The attacks generally occur when a user visits a Web site that, on the surface, appears harmless, but contains malicious code that convinces the browser to execute commands designed to sabotage the machine or lift proprietary data or personal financial information.

”If an attacker can convince your browser to execute commands in the local zone, they could extract anything — credit card numbers, personal information, your browsing habits. Anything of value,” says Bakos. ”You’re essentially giving them a seat at your key board.”

Bakos explains that Microsoft’s ubiquitous Internet Explorer is designed with ease-of-use and maintaining a consistent interface in mind. The tools and technology available to developers to enrich content can be used by a hacker to steal information.

The malicious code exploits vulnerabilities, like the one in the Compiled Help Files in Internet Explorer. The code can be hidden in a rogue Web page. An attacker also could hack into a legitimate Web page and leave it there, or even plant the malicious code in a banner ad.

Users could stumble upon the infected page, or they could might receive a piece of spam that tricks them into visiting the site. However they get there, once they are on the site, they don’t even need to click on anything to be infected. Code on that page will dynamically download executables or content onto the machine.

”That’s absolutely the case,” says Steve Sundermeier, a vice president at Central Command, an anti-virus and anti-spam company based in Medina, Ohio. ”Your browser-based attacks are what your phishing scams are made up of… You innocently go to a site and you don’t know what you’re getting.”

The Computing Technology Industry Association also reports that while incidents of browser-based attacks are on the rise, computer viruses and worm attacks still far outweigh them. The survey shows that 68.6 percent say viruses and worms are the most security threat they have to deal with.

Talk about this issue with other IT Managers on our Forum: http://forums.datamation.com/forumdisplay.php?s=&forumid=1

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020