F5 SOC: Shutting Down Malicious Scripts in Real Time

F5 Ecosystem | December 14, 2015

It’s only sort of true that people are the weakest link in the information security chain. The truly weakest link is the browser.

That’s because the browser is one of those apps that no one really pays much attention to, likely because in most cases, infosec professionals have absolutely no control over it. Customers can be (and often are) cajoled or even threatened with non-support of online apps if they don’t keep their browser up to date, but beyond that? There’s just no way to manage the various components of a browser that can – and do – lead to compromise.

But you can monitor it, at least while its operator is interacting with your site. It’s just that kind of monitoring that recently helped the F5 SOC detect – and shut down – a vicious little script.

The F5 SOC, which actively supports our WebSafe offering, spends a lot of its time researching a variety of malware and scripts that threaten financial institutions and their customers. One of the ways in which WebSafe protects customers and organizations alike is by actively (in real time) keeping an eye on every aspect of the conversation between a customer and an app. Because of that active eye on real-time communications, it’s able to detect and alert our security analysts when something looks fishy (pun intended). Which it did, recently (November 10, 2015 at 18:54 (UTC) if you want to be precise), when it noticed a script it deemed malicious being injected into a browser interacting with a financial app.

Script injection into browsers (often referred to as MitB or “Man in the Browser” attacks) is generally accomplished by existing malware, such as a trojan downloaded and installed thanks to a successful phishing attempt (surprisingly, 45% still succeed), or through an infected browser add-on.

These malicious scripts are well-crafted and are easily able to trick users into providing more information than is actually necessary as well as snooping on communications and stealing credentials, financial account information, and anything else that might offer them the means to later successfully commit fraud. And they’re difficult to detect, unless you’re actively monitoring the browser in a way that isn’t easily circumvented by the attacker’s minion, malware.

That’s one of the benefits of a solution like WebSafe, as it’s able to monitor activity in real time without requiring eventually identifiable agents or browser add-ons. And that’s what led to the discovery and subsequent shutdown, within hours, of this latest script-injection attack.

You can learn more about WebSafe here and dive into the technical details of this malicious script in this report from the F5 SOC.

Stay safe out there!

About the Author

Lori Mac Vittie, Distinguished Engineer and Chief Evangelist
