A Thief’s Perspective #1: Browser Attack Methods

Understanding the attack methods and techniques of bad guys provides valuable insights that can help you refine your security posture. This five-part blog series looks at attacks from a thief’s perspective and shows you how the latest security technologies can block them.

Employees Are So Helpful—Just Ask Any Hacker.

Everyone must choose their battles. Take cyber-thieves, for example. Instead of going head-to-head with your security team, the bad guys would much rather test the skills of your employees. They understand that every browser window can become a front door to your organization and that the average employee isn’t as security-savvy as IT staff.

They also realize that employees are forced to make decisions on how they interact with browser-based and delivered content—all day, every day.

The deck is stacked in favor of the bad guys, who use phishing emails, social engineering, and drive-by browser downloads aimed at less savvy employees. The trouble is, employees are falling for it a lot. Suspect URLs skyrocketed between 2013 and 2014, growing an astounding 87 percent. In the fourth quarter of 2014 alone, McAfee Labs predicts there were more than 23,306,000 browser attacks.

Browser caching and JavaScript in PDFs and web forms make interacting with content much easier for employees. Unfortunately, the same technologies that help mask complexity can also be used to mask criminal intent. Thieves understand that existing signatures catch common exploits, so they modify executables enough so that signature analysis engines won’t detect them. And broad support of JavaScript allows attackers to use one script to create multiple-platform payloads contained in popular file formats such as PDF and Flash.

 

 

A Different Way to Inspect Web-delivered Content

As thieves get craftier, security inspection techniques must go beyond simple signature checking and perform rapid, lightweight inspection of web-delivered content. At Intel Security, we offer the industry’s broadest range of signature-less inspection on security devices to block web-based attacks. These innovative technologies include:

– Web Content and URL Filtering capabilities help keep users safe from the dark corners of the web using global intelligence to categorize web threats based on the reputation of web documents and URLs. This first line of defense helps protect users from themselves as they unknowingly click on malicious URLs or download malware-laden documents.

– Real-time Deep File Inspection allows security devices to perform deep analysis of inbound web content by understanding scripting behavior hidden inside a file. PDF/JavaScript inspection provides deep file analysis with JavaScript detection to find and stop threats concealed in embedded scripts in PDFs. Advanced Adobe Flash Inspection is a lightweight inspection engine that uses heuristics to analyze the behavior and structure of Flash code. It determines the intent of browser-delivered Adobe Flash content before malicious payloads can be delivered to endpoints while also scanning and detecting malicious Flash files embedded within PDF files.

– Real-time Emulation allows immediate insight into all inbound web content via the browser, and protects users during web sessions. It emulates a browser’s working environment to study the behavior of incoming files and scripts.
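An added illustration of the signature-less PDF/JavaScript inspection idea from the list above (not Intel Security's engine and not code from this post): it flags active-content keys by document structure rather than by file hash, and decodes `#xx` name escapes that a literal string match would miss. The key list, function names and sample bytes are assumptions constructed for the example.

```python
import re

# PDF name keys that indicate active or embedded content (names from the PDF spec).
ACTIVE_KEYS = {
    "/JS", "/JavaScript",      # script body / JavaScript action
    "/OpenAction", "/AA",      # actions fired on open or on other events
    "/Launch",                 # starts an external program
    "/EmbeddedFile",           # file carried inside the document
    "/RichMedia",              # rich media (e.g. Flash) annotation
}

# A PDF name is '/' followed by any bytes except whitespace and delimiters.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so '/J#61vaScript' compares equal to '/JavaScript'."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count active-content keys and record which ones were hex-escaped."""
    counts, obfuscated = {}, set()
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        name = normalize_name(raw)
        if name in ACTIVE_KEYS:
            counts[name] = counts.get(name, 0) + 1
            if b"#" in raw:
                obfuscated.add(name)
    auto_run = bool({"/OpenAction", "/AA"} & counts.keys())
    has_script = bool({"/JS", "/JavaScript"} & counts.keys())
    return {
        "counts": counts,
        "obfuscated": sorted(obfuscated),
        # Script that runs without a click, or disguised key names, merits
        # blocking or a deeper (emulation/sandbox) pass.
        "suspicious": (auto_run and has_script) or bool(obfuscated),
    }


# Constructed samples (not real documents): a plain catalog, and one whose
# open action points at a JavaScript action with hex-escaped key names.
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /S /J#61vaScript /J#53 4 0 R >>\nendobj\n")

if __name__ == "__main__":
    print(triage_pdf(BENIGN))
    print(triage_pdf(SCRIPTED))
```

This scans raw bytes only; keys inside compressed object streams stay hidden until the streams are decoded, which is one reason a production inspection engine has to parse the file rather than pattern-match it.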

Learn more about how bad guys target employees using browser attack methods—including what you can do about it. Check out the new Intel Security Tech Brief: A Thief’s Perspective on Browser Attack Methods.
