Think twice before you click to save credentials in a web browser, writes David Higgins of CyberArk, the IT access security product and cyber services company.
Thanks to the saved password tool, it’s increasingly common for attackers to target credentials stored within web browsers. Both employees and consumers often store their credentials on browsers such as Chrome, Firefox and Internet Explorer to save the time and effort of remembering a range of usernames and passwords. But credential attacks on many of these well-known browsers are becoming increasingly prevalent. The motivation and method behind the attacks vary, but the message is clear – browsers are a soft target on today’s hackers’ short list.
Why are browsers vulnerable?
Every browser offers a means to save credentials for online/web accessible systems. In fact, the option is frequently displayed as a pop-up box that highlights “save” as the default.
This simple, time-saving step encourages adoption of the feature. Users, after all, like the convenience of not having to enter credentials every time they visit their favourite website or frequently used system. But the information stored in the browser is accessible to any program that the user runs. So despite the convenience, there is a major downside: credentials saved in a browser are a natural target for phishing attacks and provide easy access to the targeted user’s systems.
As seen in the Vega Stealer malware, there can be a hefty price to pay when users opt to press that “save credential” checkbox. Victims of this type of attack can unintentionally expose sensitive, browser-accessible IP. The malware is in use across multiple industries and is particularly prevalent in marketing, advertising, public relations, retail and manufacturing. This is likely because these targets tend to have higher-than-average usage of third-party and SaaS solutions in operation.
Another piece of credential-stealing malware is the one targeting crypto-chat app Telegram. Once downloaded, the malware extracts browser credential data that allows cache and map files to be restored into an existing Telegram desktop installation. If the session was open, the attacker has the chance to access the victim’s session, contacts and previous chats without their knowledge.
Reducing the threat
It’s essential organisations look to protect themselves from this type of threat. A combination of employee education and robust privileged account management can provide the essential pillars for protection from hackers targeting web browsers. This starts with endpoint security, ensuring that devices being used to connect to the internet via web browsers are protected, before they open the door to the network they’re connected to.
Enforcing privileged security on the endpoint is a fundamental part of any security programme. By allowing organisations to block and contain attacks at the endpoint, teams can effectively reduce the risk of information being stolen or encrypted and held for ransom, without holding up productivity with additional security hoops to jump through. This type of two-pronged offensive stance is the only effective method to protect employees and businesses from hackers targeting user convenience.