It’s only sort of true that people are the weakest link in the information security chain. The truly weakest link is the browser.
That’s because the browser is one of those apps that no one really pays much attention too, likely because in most cases, infosec professionals have absolutely no control over it. Customers can be (and often are) cajoled or even threatened with non-support of online apps if they don’t keep their browser up to date, but beyond that? There’s just no way to manage the various components of a browser that can – and do – lead to compromise.
But you can monitor it, at least while its operator is interacting with your site. It’s just that kind of monitoring that recently helped the F5 SOC detect – and shut down – a vicious little script.
The F5 SOC, which actively supports our WebSafe offering, spends a lot of its time researching a variety of malware and scripts that threaten financial institutions and their customers. One of the ways in which WebSafe protects customers and organizations alike is through actively (in real-time) keeping an eye on every aspect of the conversation between a customer and an app. Because of that active eye on real-time communications it’s able to detect and alert our security analysts when something looks fishy (pun intended). Which it did, recently (November 10, 2015 at 18:54 (UTC) if you want to be precise), when it noticed a script it deemed malicious being injected into a browser interacting with a financial app.
Script injection into browsers (often referred to as MItB or “Man in the Browser” attacks) is generally accomplished by existing malware such as a trojan downloaded and installed thanks to a successful phishing attempt (surprisingly, 45% still succeed) or through an infected browser add-on.
These malicious scripts are well-crafted and are easily able to trick users into providing more information than is actually necessary as well as snooping on communications and stealing credentials, financial account information, and anything else that might offer them the means to later successfully commit fraud. And they’re difficult to detect, unless you’re actively monitoring the browser in a way that isn’t easily circumvented by the attacker’s minion, malware.
That’s one of the benefits of a solution like WebSafe, as its able to monitor activity in real-time without requiring eventually identifiable agents or browser add-ons. And that’s what led to the discovery and subsequent shut down within hours of this latest script-injected attack.
You can learn more about WebSafe here and dive into the technical details of this malicious script in this report from the F5 SOC.
Stay safe out there!
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...