Common Browser-based Network Attacks and How to Avoid Them

Day by day, we do more and more through our web browsers.  We perform daily work tasks like checking and sending email, visiting websites to learn about news in our chosen fields, and work in web-based operational systems all through our browsers, and outside of the office, we use those same browsers to check our bank account balances, purchase goods and services online, and even meet new friends.  This allows malicious actors the ability to cast an extremely wide net for would-be victims by creating an attack vector which utilizes the web browser.  Let’s take a look at a couple of possible attacks and investigate how one can mitigate or entirely avoid them.

Cross-Site Scripting

Cross-site scripting is one of the most prevalent types of browser-based network attacks.  This attack works by having a victim direct their browser to an exploitable website (likely one that they already trust) with some information encoded in the URL to cause the victim’s browser to download malicious code.  This malicious code is then executed on the victim’s system through the browser to send sensitive information from the victim’s browser to the attacker’s server for logging and use later.

Cross-Site Request Forgery

Cross-site request forgery is another widely-used method of attack.  In this type of attack, the malicious actor causes the victim’s browser to execute actions or make website requests without the victim’s consent or knowledge.  This attack usually happens when a user is logged into their account on a website which provides account-specific functionality.  Through cross-site request forgery, the attacker can effectively act like they are the logged-in user as long as they can convince the victim to click specially-crafted links to execute the unauthorized actions through the victim’s account.  The victim is often unaware that the links they are clicking are executing malicious actions because they have been injected by an attacker through an exploit in the website that the victim trusts.  This type of attack may simply be annoying (for example, the attacker could simply change the victim’s settings on the website), but they could also be very impactful if, say, a bank’s website was compromised as the attack may be able to initiate money transfers from the victim’s account into their own (this bank example actually happened in ING Direct’s online banking system).

General Precautions

Always be sure that you have the appropriate anti-virus and anti-malware software installed, up-to-date, and running on your computer.  This will help in the event that an initial attack is successful in that it can potentially stop the execution of malicious code once it arrives on your system.

In addition, a great guideline is to never click links in emails from individuals you do not know.  Emails are one of the largest entry points for exploits as it is so easy to just click a link in an email.  These links can contain information and send you to exploitable websites which will allow an attacker to harvest any information the exploit he is using can touch.

Along those same lines, be extra cautious when clicking any links in emails.  Even if the email is from someone you know, they could have had their email account compromised, or they may be sharing malicious links without them knowing.  If you expect a link to be to a certain website, hover over it and see if you can determine what the actual URL is.  For example, if a link you expect to be going to Yahoo has a URL like http://yhaoo.com/, do not click it as it is not yahoo.com.

Another precaution to take is to double-check the URL of sites before you login.  If you’re on a site that looks like Facebook, ensure that in your browser’s location bar that the URL is https://facebook.com and not something else.  If it isn’t, you are very likely at a site which is attempting to collect your Facebook credentials for their usage later.

If you have any questions about these types of attacks or would like more guidance on how to make your computer systems more secure, definitely call SandStorm IT at 901-475-0275.  We’ll listen to your concerns and offer our professional advice to protect your computing infrastructure.