Whether your users are researching on the web, communicating with clients, accessing your new Software as a Service (SaaS) CRM platform, or downloading a shared file, most work today is conducted in the browser. The bad guys know this, of course, and are increasingly targeting the browser as a way to gain initial access, spread laterally throughout the network, and eventually deliver their payload. According to Gartner, 98% of attacks originate on the Internet, with more than 80% specifically targeting the web browser.
While web security, email security, and endpoint security provide some level of protection, the browser remains relatively exposed to today’s highly evasive threats. These increasingly sophisticated attacks are designed by threat actors to evade traditional security tools by shrouding their malicious intent in seemingly innocuous behavior.
The Rise of Ransomware
Ransomware attacks in particular are growing more successful in breaching enterprise networks. Threat actors first attempt to gain initial access to the end device through the browser. They do this by tricking users into clicking on a malicious link or downloading a corrupted file, and they’re able to do this by leveraging any number of evasive techniques – such as multi-factor authentication (MFA) bypass, HTML smuggling, password-protected files, and Legacy URL Reputation Evasion (LURE).
Once they gain that initial access, malicious actors can move laterally across the network and start to extract data – whether it’s logging keystrokes or exfiltrating files or data. Then, once all the value is extracted, systems can be locked down and held for ransom.
3 Keys to Building a Robust Browser Security Strategy
The only way to eliminate the threat of ransomware is to focus on that initial step – keeping threat actors from making an initial breach on the end device through the browser. This requires building a robust browser security strategy based on Zero Trust principles, gaining visibility inside the browser, and extending security controls to your least protected attack surface.
1. Enable a Zero Trust framework
The best way to keep bad guys out of your network is to simply not trust anyone. Adopting a Zero Trust strategy treats all content – whether it’s known or unknown – as malicious, preventing any entity from the Internet from gaining access to a user’s system through the browser. Solutions like web isolation move all fetch and execution commands to a remote browser in the cloud and trigger the malware to initiate its attack chain. Once exposed, the malware can be stripped away and only a clean, sanitized version is passed down to the end user. Zero Trust powered by isolation stops zero-hour threats, which have no prior history or existing signature, from using the unknown to gain access. As Generative AI makes it easier to spin up new threats, stopping these zero-hour attacks is critical.
2. Provide visibility into user web traffic
With existing solutions, successful intervention depends on how fast incident response (IR) teams can filter out the noise from actual threats. Implementing a solution that can provide end-to-end visibility into all web traffic allows you to quickly and accurately understand and correlate events within each web session. This helps provide a complete picture of web-based attacks that would otherwise require multiple security solutions and manual data integration efforts. By understanding details such as impersonated brand logos and end user actions, including data and credential entry, security administrators can significantly reduce their mean time to detect (MTTD) and mean time to respond (MTTR).
3. Apply robust browser security controls to prevent zero-hour threats and credential theft
Every attack starts off with some form of a phishing lure designed to steal your credentials and gain unauthorized access. Once initial access has been made, attackers can hide undetected, move laterally throughout the network, and launch sophisticated ransomware attacks at will. Commonly deployed security solutions such as Next Gen Firewalls, Secure Web Gateways, and URL reputation checks provide some cover, but can’t recognize a new attack because no signature exists yet for an unknown or never-before-seen phishing attack. The best way to prevent threats like zero-hour phishing is by harnessing robust browser security technology. This technology utilizes real-time computer vision algorithms and conducts a thorough analysis of web page elements to accurately determine if a link being opened is a phishing site designed to steal users' credentials, and subsequently applies dynamic policy controls.
Ransomware delivered through the web browser continues to be a major risk for organizations around the world. Hardening your browser security seems like a viable strategy for combating these highly evasive threats. Just make sure you choose a solution that enables a Zero Trust framework, feeds IT and security teams with end-to-end visibility, and applies robust browser security controls to prevent zero-hour threats and credential theft. Only then can you effectively stop ransomware attacks in their tracks.
For more information on Menlo Security’s ransomware prevention strategy, see here.