Aamir Lakhani, cybersecurity researcher for Fortinet’s FortiGuard Labs, discusses criminals flocking to web server and browser attacks, and what to do about it.
Smart cybercriminals are going after web servers and browsers, more so than after individuals. Unfortunately, these types of attacks often go ignored, as they’re harder to test for (in terms of pen-testing).
With much of the world now working remotely, this threat has intensified. Attackers use email, instant messages, SMS messages and links on social networking to trick at-home workers into installing malware that leads to identity theft, loss of property and, possibly, entry into the corporate network. Phishing attacks may lead users to fake sites or landing pages, with the same intent.
What are the latest risks organizations are facing, and what can be done now to defend against them?
Web-Based Phishing On the Rise
The cybersecurity industry is seeing a significant spike in web-based phishing, starting with the HTML/phishing cyber-threat family. Similar HTML cousins – /ScrInject (browser script injection attacks) and /REDIR (browser redirection schemes) – have also contributed to the increase in phishing attempts in 2020. Web-based malware tends to override or bypass most common antivirus (AV) programs, giving it a greater chance of survival and successful infection.
This reveals a strong interest from cybercriminals in attacking users where they are often most vulnerable and gullible: browsing the web. The combination of remote work and online shopping expand this threat significantly. Black Friday shoppers last year spent a record-shattering $9 billion, for instance. With the COVID-19 risk of in-person shopping, 2020’s Cyber Monday was reportedly the largest online sales day ever. Web-based malware can obscure and/or bypass traditional AV products, upping the chance of successful infection.
Browsers: A Key Delivery Vector for Malware
Browsers are not easy to secure, and web applications can be challenging to monitor. These are some of the reasons why the browser has become a key delivery vector for malware over the last year, and this trend will likely continue for the next year. This corresponds to the documented drop in corporate web traffic, which was generally inspected and sanitized, and the rise in home-based web traffic due to the shift to remote work.
This shift reinforces the point that cybercriminals have intentionally changed their attack methodologies to target the traffic that is now flooding lesser-secured networks. Malware trends reflect attackers’ intentions and capabilities. Similar to intrusion-prevention system (IPS) detections, malware picked up by security sensors does not always indicate confirmed infections, but rather the weaponization and/or distribution of malicious code. Detections can occur at the network, application and host level on many different devices.
What Cybersecurity Actions Should I Take Now?
There are three things that organizations need to consider when it comes to their cybersecurity strategy: Cyber-hygiene is key: Organizations must provide remote workers with the knowledge and training necessary to secure their own personal networks and the connected business network. This involves training but also guidance on software updates. Organizations can’t rely on employees’ personal security: They must also provide additional resources, such as endpoint detection-and-response (EDR) solutions that can detect and stop advanced threats. Organizations need advanced, real-time threat protection for endpoints both pre- and post-infection. Effective cybersecurity necessitates continuous vigilance and adaptability to changing threat strategies: Though security should have been a top priority all along, now may be the time to consider investing in broader, more advanced, adaptable, and integrated solutions – particularly as cybercriminals modify their attack methods to use personal devices as a springboard to enterprise networks. With this in mind, fortifying remote systems and networks should top the security to-do list.
The threat landscape shifts constantly, requiring security pros to keep on top of new threat types and vectors. Savvy defenders should note that the browser was a prime delivery vector for malware in 2020 – and is likely to be again this year – and act accordingly to ensure consistent controls for remote systems. Regardless of the state of the world around us, the best way to protect against ever-evolving malicious activity is to take a comprehensive, integrated approach to cybersecurity.
Vital components of this approach include continuous access to up-to-date threat intelligence and cybersecurity training for all employees, particularly those who work remotely. It’s also essential to use updated security technology, such as EDR, which detects and halts advanced threats in real time. All the intelligence in the world won’t do an organization any good if its security tools aren’t capable of using it to find and mitigate attacks. Make sure all of these tactics are part of your comprehensive security strategy.
Aamir Lakhani is a cybersecurity researcher and practitioner for Fortinet’s FortiGuard Labs.
Enjoy additional insights from Threatpost’s InfoSec Insider community by visiting our microsite.