Maybe you noticed this news item from just a short while ago: a developer at A9t9, creators of the CopyFish browser extension, was duped into opening a link in a phishing email. Clicking that fraudulent link sent the developer to a fake Google Account login page where he entered credentials, giving the hacker access to the developer’s A9t9 account. With this access, the hacker pushed a malicious update of the CopyFish extension to Chrome users, allowing potentially malicious adware to be loaded onto vulnerable users’ computers. As of this writing, the attackers still have control of the extension: anyone still running it is advised to uninstall — pronto.
While this story is particularly galling, attacks that infect computers via application and browser vulnerabilities are a dime a dozen. The Ponemon Institute estimates that 75% of companies have been affected at some point by browser and application-based malware, and attacks like these generate about 80% of malware on corporate networks.
How Browser and Application-based Malware Does its Dirty Work
Browser and application-based malware makes its way onto computers and devices in many ways. In one classic delivery method, the attacker creates a malware-laced banner or ad (referred to as a malvertisement). Sad to say, this isn’t much of a challenge. The attacker submits the “ad” to legitimate third-party advertising networks, which serve websites that host ads.
These networks don’t necessarily check the legitimacy of ads submitted to them. In some cases, they actually do check ads to be sure they aren’t malicious. Smart attackers, however, program malvertisements to appear safe until they are delivered to the websites where they’ll be displayed. Either way, when an unsuspecting user lands on a page with an infected ad, the banner code scans the user’s computer for application vulnerabilities. When and if it finds one, it essentially “drops” the malware into that hole, and voilà, the user has malware.
To get the most bang for their buck, attackers use attack vectors such as Java, Adobe Reader and Flash, and Internet Explorer, which are among the most commonly installed applications. This helps them reach the widest range of victims and do a great deal of damage with little effort on their part.
Just think about Adobe Flash, banned from iOS by Steve Jobs back in 2010. This less-than-secure application has been a hacker favorite for years because in its heyday, almost everybody had it installed. Malware distributors knew they could rely on ‘old faithful’ to have some new, yet-unpatched vulnerability that they could exploit to spread malware. Though Flash is slated to meet its maker in 2020, it still persists, vulnerabilities and all.
And here’s the rub: even if there were no Flash, no Reader and no Java, browser and application-based malware could still do its worst, because even the most secured applications and browsers can become compromised at times, as the CopyFish incident proved. While killing Flash is a good (great!) move, it’s hardly the end of internet-based threats.
This is just one of the reasons why Gartner’s report on the top 10 security solutions for 2017 names remote browsing, also known as browser isolation, as the answer to “the cesspool that is the internet”: “Information security architects can’t stop attacks but can contain damage by isolating end-user internet browsing sessions from enterprise endpoints and networks.”
Security Through Isolation
Browser isolation works by containing all activity in a disposable browsing session that gets “thrown away” each time a user logs off or simply closes the browser or the browser tab they’re in. With the right isolation solution, users can freely browse the web from any browser, OS and device, the same way they do today, without degrading the user experience and without endangering the network.
All internet browsing sessions are routed through the isolation safe zone. Each time you create an additional browsing session or open an additional browser tab, an additional isolated browser container is spun up. All content is rendered as a visual stream in the original browser. It looks like the webpage, it acts like the webpage, it interacts like the webpage — it’s just completely secured from any potential infiltration. And when the session is over, the isolation zone container is destroyed, along with any malware it contains.
Attackers are experts at changing things up, at finding new ways to get to the data they want. Don’t be caught playing catch-up! Isolating your browsers and applications from the web is the key to effectively blocking even zero-day exploits from all entry points and, finally, to fully preventing attackers from getting the access they crave.