Browsers are integral to our daily lives: they are our window to the Internet, and also a window from the Internet into our private lives. They are complex software, and like any complex software they have vulnerabilities. Some browsers, such as Google Chrome, take a proactive approach to identifying these vulnerabilities. However, not all vulnerabilities are discovered internally: a great many are discovered in the wild, while others remain totally unknown.
Browser exploits, designed to take advantage of browser vulnerabilities, have become a popular strategy for Advanced Persistent Threat (APT) and cybercriminal groups. They are difficult to detect and can be targeted at specific technologies, IP addresses, browser languages, and more, which makes them formidable. The ever-evolving implementations of HTTP and HTML across different browsers further complicate detection efforts.
Legacy technologies, which were not designed to withstand modern cyber threats, are often vulnerable. These traditional technologies struggle to detect these elusive attacks, which often look similar to legitimate code and can even be planted inside it. External solutions have difficulty understanding the logic behind these attacks because of the complexity of web technology, including self-modifying code, JavaScript, and scripts for improved user experience. Security professionals, in turn, struggle to keep up with these technologies and to follow the logic behind the code while maintaining a secure user experience.
Global cybercrime damage costs are projected to increase by 15% annually, reaching an annual total of USD 10.5 trillion by 2025. Browser attacks, also known as watering hole attacks, are a significant cyber threat that targets organizations by monitoring their websites and exploiting them with malware. Although Google leverages artificial intelligence to detect such attacks, its focus leans towards research purposes rather than commercial applications. ESET Research, in a recent study, uncovered alarming statistics: almost 45,000 compromised websites between September and November 2023 with a single implant named JS Agent, a 111% increase in detections that made it the second-highest threat in the latter half of 2023.
JavaScript has revolutionized web pages, allowing dynamic behavior instead of static content. Security products must now understand how JavaScript is interpreted and executed in the web pages a user loads. Traditional antivirus products and intrusion detection sensors struggle to identify browser attacks because JavaScript behavior is opaque to them. Web 2.0 attacks are unique in that the malicious web implants vary within the same website, making it challenging to create signatures that accurately identify all malware at the network level.
While these attacks continue to proliferate, major companies also face constant threats despite robust security measures. Watering hole attacks exploit browser vulnerabilities and thereby compromise employees who already have access to critical assets within the corporate network, making it difficult to detect and contain the breach. High-profile breaches, like the SolarWinds hack, emphasize the urgency for companies to fortify their security measures to prevent potential data and reputation losses.
Andrei Bozeanu, founder of Dekeneas, underscores the severity of browser attacks, revealing their potential to disable antivirus or extended detection and response systems. “The landscape of browser attacks is constantly evolving, posing a formidable challenge for cybersecurity experts. It requires a collaborative effort between the industry and researchers to stay ahead of these sophisticated threats,” states Mr. Bozeanu. He notes that all browsers are vulnerable, and attackers from various countries actively deploy these sophisticated techniques.
Dekeneas takes a proactive approach to tackling browser attacks, drawing on 12 years of extensive research. With a machine learning dataset based on specific operations classified as malicious capabilities, the company analyzes over 40,000 malicious implants collected from across the internet. Despite the inherent challenges of machine learning, Dekeneas employs technologies like the “Code Logic Emulator,” “Requirements Extractor,” “Smart Sandboxes,” and “Network Attack Detector” to minimize false positives. Its flagship product, Browser Attack Detector, aims to empower users to detect and respond to web attacks more effectively.
As browser attacks become increasingly sophisticated, organizations must prioritize cybersecurity measures to safeguard their networks. The combination of advanced technologies, artificial intelligence, and dedicated solutions like Dekeneas is crucial in staying ahead of evolving cyber threats. As Andrei Bozeanu aptly puts it, “The complexity of these attacks requires innovative and proactive solutions to ensure the security of our online experiences.”