Skip to main content

Browser threats are as serious as phishing or ransomware

(Image credit: Image source: Shutterstock/GlebStock)

Many organisations have close to no visibility into their web-facing assets. They are also, generally speaking, clueless about how people use these assets. Obviously, this is something hackers know and are willing to exploit. As a matter of fact, they have already done it with great success, and it's only going to get worse before it gets any better.

This is the general conclusion of a new report by RiskIQ, which analysed what's come to be known as browser-based attacks.

It says that this type of attack can stand shoulder to shoulder with some of the world's most popular cybersecurity threats, like phishing or ransomware.

It mentions cryptojacking (the practice of using a victim’s browser to mine cryptocurrency for as long as the victim is on a certain website) and waterholing as some of the better-known practices.

It also says Magecart revolves around a browser-based attack, and that the breach over at British Airways was also done using this technique.

In order to successfully beat this threat, one must first get to know it properly. And RiskIQ says there is one thing all browser-based attacks have in common.

“Browser-based attacks are poised to carve out a significant portion of the threat landscape for years to come, so it’s essential to understand what makes them tick,” the company says.

“And the first step to doing so is understanding what they all have in common: malicious injects.”

“Browser-based threats need malicious injects to execute their code, so that is where all these attacks begin. With RiskIQ telemetry data, we determined the six most common and interesting injection techniques that lead to these browser threats:” 

  •  Tacked-on 
  •  Top/Bottom 
  • Supply Chain
  • Executable Scope
  • Function Inlining
  • RFC Edge Cases

RiskIQ believes that in the near future, one of the biggest cybersecurity endeavours that businesses will have to face is combating browser-based threats.

The full report can be found here (opens in new tab).

Image source: Shutterstock/GlebStock

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.