https://www.techtarget.com/searchsecurity/tip/Common-browser-attacks-and-how-to-prevent-them
Every enterprise employee has a web browser on their computer. Because it's a ubiquitous application, malicious hackers have crafted several types of browser attacks. Users and security teams should be aware of these approaches and know how to work together to prevent them.
The following five browser attacks -- cross-site scripting (XSS), malicious extensions, session hijacking, DNS poisoning and man-in-the-middle (MitM) attacks -- have been around for a while and are well known. Yet, they still work, so attackers continue to use them.
XSS attacks inject malicious client-side code, usually JavaScript, HTML or VBScript, into a compromised web application or website so that it runs in the victim's browser. For example, a compromised website could send a malicious script to the browser, where it executes and steals user data or hijacks the browser session. The browser runs the malicious script because it appears to come from a trusted source. Bad actors conduct XSS attacks in one of the following three ways:
Security teams and developers have the following options to combat XSS attacks:
Plugins and extensions are small pieces of code designed to enhance the browser's functionality. For example, they can block ads, halt JavaScript execution and even prevent malicious file downloads. But there's a problem: Browser extension marketplaces rarely screen extensions comprehensively, and malicious ones can slip through. Malicious extensions and plugins can push spam to users, record user input and inject malicious payloads through the browser. The immense number of extensions available makes it almost impossible to discern which are safe and which are not.
A mix of technological and social controls can keep malicious extensions off users' browsers:
Whenever a user visits a website or web application, the server delivering the pages assigns the visit a unique session ID. During a predetermined session length -- whether it lasts five minutes or a day -- this ID is exchanged between the browser and the server to confirm that the session remains valid and legitimate. If this ID is transmitted unencrypted, a malicious third party can intercept it, load it into their own browser and masquerade as the legitimate user. From there, the attacker could steal personal information, infect the user's device with malware or conduct a DDoS attack from that session.
Manage users and systems to prevent a session hijacking attack by doing the following:
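The two defensive patterns the XSS and session hijacking sections describe, output encoding of untrusted input and hardened session cookies, as an added Node.js example that is not part of the TechTarget article; the cookie name `sid`, the 32-character minimum for session IDs and the sample input are assumptions:

```javascript
// Added example, not from the article: an HTML-escaping helper for untrusted
// input (XSS), a Set-Cookie builder that hardens a session ID (session
// hijacking) and a checker that lists the protections a cookie lacks.
// Characters that can break out of HTML text or attribute context.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode untrusted text so the browser renders it as data, never as markup.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: user-controlled text concatenated straight into markup.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened pattern: the same page with the untrusted value escaped first.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Build a Set-Cookie header for a session ID with the attributes that limit
// session hijacking: Secure (sent only over HTTPS), HttpOnly (not readable by
// page script, so an XSS payload cannot read it), SameSite=Strict (not sent on
// cross-site requests) and a bounded lifetime. The cookie name "sid" is assumed.
function buildSessionCookie(sessionId, maxAgeSeconds) {
  if (!/^[A-Za-z0-9_-]{32,}$/.test(sessionId)) {
    throw new Error("session ID must be a long, URL-safe random token");
  }
  if (!Number.isInteger(maxAgeSeconds) || maxAgeSeconds <= 0) {
    throw new Error("Max-Age must be a positive integer");
  }
  return `sid=${sessionId}; Path=/; Max-Age=${maxAgeSeconds}; Secure; HttpOnly; SameSite=Strict`;
}

// Review a Set-Cookie header and return the hardening attributes it lacks.
function missingCookieProtections(setCookieHeader) {
  const attrs = setCookieHeader.split(";").slice(1).map((a) => a.trim().toLowerCase());
  const missing = [];
  if (!attrs.includes("secure")) missing.push("Secure");
  if (!attrs.includes("httponly")) missing.push("HttpOnly");
  if (!attrs.some((a) => a.startsWith("samesite="))) missing.push("SameSite");
  if (!attrs.some((a) => a.startsWith("max-age=") || a.startsWith("expires="))) missing.push("Max-Age/Expires");
  return missing;
}

// Constructed sample input: a name field carrying a script tag.
console.log(renderGreetingUnsafe("<script>alert(1)</script>"));
console.log(renderGreetingSafe("<script>alert(1)</script>"));
```

The escaping helper covers HTML text and quoted attribute values; other contexts (JavaScript strings, URLs, CSS) need their own encoders.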
Malicious attackers spoof DNS records to redirect a user from a legitimate website to a fraudulent one. The attackers' website is designed to capture login credentials, steal personal data or deploy a malicious payload through the browser to the endpoint. These attacks succeed when the fake website convincingly resembles the legitimate one. Users often enter their login credentials without noticing the switch.
Simple precautions help prevent DNS poisoning, including the following:
In a MitM attack, cyber attackers insert themselves between a web application or website and a user's browser. They can then listen in on communications between the user and the website to collect information such as login credentials. MitM attacks use IP, DNS and Address Resolution Protocol (ARP) spoofing to intercept traffic between the two parties. The MitM attack doesn't prevent the communication from reaching its destination; the attacker sees what's shared and lets it continue onward.
Encrypting and protecting internet traffic helps limit MitM losses. Also, do the following:
29 Sep 2023