Browser-based threats have become one of the biggest concerns facing cybersecurity professionals today. It’s critical for organizations to implement effective protection from these hard-to-detect attacks.
Of all the software in use, browsers are the most exposed. They constantly connect to the outside world and frequently interact with web sites and applications that cybercriminals have infected with malware. Browsers are powerful, data-rich tools that, if compromised, can give an attacker a vast amount of information about you, including your home address, phone number, credit card data, emails, IDs, passwords, browsing history, bookmarks and more.
During the past year or so, we've seen a sharp increase in web threats specifically designed to exploit browser-based vulnerabilities. This increase in popularity is not only because browsers are strategically attractive targets, but because browser-based web threats are difficult to detect. Most malware detection and prevention technologies work by examining files such as downloads or attachments. Browser-based threats, however, don't necessarily use files, so conventional security controls have nothing to analyze. Unless organizations implement advanced tools that don't rely on analyzing files, browser-based attacks will likely go undetected.
Given that browser-based attacks are powerful and difficult to discover, it’s easy to understand why they have become so prominent. They simply work.
Static – Structural Abnormalities
Dynamic – Behavioral Abnormalities
In those cases where the malware detection engine encounters abnormalities during the initial static analysis phase, it can examine the code more closely. The most rigorous and time-consuming tests need only happen in those rare situations where all previous tests indicate a substantial risk of malware.
For example, static analysis might identify capabilities that could potentially be malicious, like data encryption. Code that can encrypt data could be ransomware. In this case the system will also perform dynamic analysis to determine if the code does in fact behave maliciously, or if it uses the encryption capabilities in benign and appropriate ways.
Static analysis efficiently detects a wide variety of anomalies, such as abnormal macros, missing or added structures or segments, references to command and control servers used by cybercriminals, and more. Some of these indicators point strongly to malicious intent, and the system can immediately score the object as high-risk. If there's any doubt, the system also performs dynamic analysis to test what the code actually does when it executes.
If static analysis uncovers nothing suspicious, the system can, with a high rate of accuracy, score the object as low-risk and bypass dynamic analysis.
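The tiered triage described above (cheap static checks first, dynamic analysis only when the static verdict is ambiguous), as an added illustration that is not the vendor's engine or code. The samples, the C2 domain list, the score thresholds and the sandbox behaviour traces are all constructed for the example; a real engine would use its own parsers, threat intelligence and a real sandbox.

```python
"""Tiered malware triage: static checks first, dynamic analysis only when needed.
Everything below (samples, indicator lists, scoring weights) is constructed for
illustration and is not a real product's logic."""
from dataclasses import dataclass, field
from typing import Callable

# Constructed stand-in for a threat-intel feed of command-and-control domains.
KNOWN_C2_DOMAINS = {"c2.example-bad.invalid", "beacon.example-bad.invalid"}
# Macro entry points that run without user interaction (constructed list).
AUTO_EXEC_MACROS = {"AutoOpen", "Auto_Open", "Document_Open"}
CONCLUSIVE_SCORE = 80   # static score at or above this: high-risk, no sandbox needed


@dataclass
class Sample:
    name: str
    macros: list[str]              # macro names found by the static parser
    unexpected_structures: int     # streams/segments the file format does not call for
    embedded_hosts: list[str]      # hostnames found in the object's strings
    capabilities: set[str]         # e.g. {"encrypt", "network"}
    run: Callable[[], list[str]] = field(default=lambda: [])  # simulated sandbox run


@dataclass
class Verdict:
    risk: str      # "high" or "low"
    stage: str     # which stage produced the verdict: "static" or "dynamic"
    reasons: list[str]


def static_analysis(s: Sample) -> tuple[int, list[str]]:
    """Cheap structural checks; returns (score 0-100, reasons)."""
    score, reasons = 0, []
    if set(s.embedded_hosts) & KNOWN_C2_DOMAINS:
        score += 80; reasons.append("references known C2 domain")
    if set(s.macros) & AUTO_EXEC_MACROS:
        score += 40; reasons.append("auto-executing macro")
    if s.unexpected_structures:
        score += 20 * s.unexpected_structures
        reasons.append(f"{s.unexpected_structures} unexpected structure(s)")
    if "encrypt" in s.capabilities:
        score += 30; reasons.append("encryption capability (possible ransomware)")
    return min(score, 100), reasons


def dynamic_analysis(s: Sample) -> tuple[bool, list[str]]:
    """Execute (simulated) and judge behaviour, not capability."""
    actions = s.run()
    reasons = []
    user_files_encrypted = sum(1 for a in actions if a.startswith("encrypt:user/"))
    if user_files_encrypted >= 3:
        reasons.append(f"encrypted {user_files_encrypted} user files")
    if "delete:shadow-copies" in actions:
        reasons.append("deleted volume shadow copies")
    if any(a.startswith("connect:") and a[8:] in KNOWN_C2_DOMAINS for a in actions):
        reasons.append("connected to known C2 domain")
    return bool(reasons), reasons


def triage(s: Sample) -> Verdict:
    score, reasons = static_analysis(s)
    if score >= CONCLUSIVE_SCORE:          # strong indicator: skip the expensive stage
        return Verdict("high", "static", reasons)
    if score == 0:                         # nothing suspicious: skip the expensive stage
        return Verdict("low", "static", ["no static anomalies"])
    malicious, dyn_reasons = dynamic_analysis(s)   # ambiguous: observe real behaviour
    return Verdict("high" if malicious else "low", "dynamic", reasons + dyn_reasons)


# Constructed samples covering each branch of the pipeline.
SAMPLES = [
    Sample("clean_report", [], 0, [], set()),
    Sample("dropper", [], 1, ["c2.example-bad.invalid"], {"network"}),
    Sample("config_encryptor", [], 0, [], {"encrypt"},
           run=lambda: ["encrypt:app/settings.bin"]),          # benign use of encryption
    Sample("macro_ransomware", ["AutoOpen"], 0, [], {"encrypt"},
           run=lambda: ["encrypt:user/a.docx", "encrypt:user/b.xlsx",
                        "encrypt:user/c.pdf", "delete:shadow-copies"]),
]


def triage_all() -> dict[str, Verdict]:
    return {s.name: triage(s) for s in SAMPLES}


if __name__ == "__main__":
    for name, v in triage_all().items():
        print(f"{name:18} {v.risk:5} ({v.stage}) {'; '.join(v.reasons)}")
```

The two encryption-capable samples show the point of the second stage: both get the same static score, but only the one that actually encrypts user documents and removes backups is scored high-risk, while the one that encrypts its own configuration file is cleared without ever being treated as conclusive by the static stage alone.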
Cybercriminals are constantly working to find new and more effective ways to infiltrate our computers, devices, and networks. The recent evolution in browser-based cyberthreats is a striking example of new malicious techniques that are both difficult to detect and effective.