Browser-Based Attack Proliferation Calls for New Security Approach

Harish Agastya

January 10, 2017


Studies show that some 57 percent of organizations have experienced a recent cybersecurity incident, and 48 percent of those incidents were caused by outdated security controls and architecture. Browsers often create security issues for an organization, and they run a full range of plugins that create headaches for IT teams trying to manage, update and control what employees install.

Organizations sometimes need to use legacy browsers to ensure compatibility with various services and resources. This widens the attack surface available to cybercriminals, as the chance of exploiting unpatched vulnerabilities via malicious URLs increases with every employee and every internet-connected endpoint. Some browsers, such as Internet Explorer, are deeply rooted in the operating system, raising serious security concerns if attackers were to gain access to privileged system resources by exploiting known but unpatched vulnerabilities.

Browser Security Status Quo

Advanced targeted attacks against large companies often use browser-based vulnerabilities to gain a foothold in an organization, leaving IT teams with limited options to prevent them. They can either over-configure security policies, to the detriment of user experience, or leave the organization exposed to risk from lax policies.

Another approach would be to deploy several layers of in-guest security tools, such as endpoint security software, HIDS, firewalls and application controls, designed to minimize risks associated with browser and plugin vulnerabilities. However, because these controls are also rooted in and dependent on the operating system, they are prone to APT evasion techniques aimed at gaining root-level privileges and circumventing security mechanisms.

For example, rootkits and bootkits can often execute code in ring-0, masking their presence and communication with C&C servers. There’s also the risk of APTs exploiting vulnerabilities in various privileged modules of the endpoint security solution, leading to a full system takeover.

Flash and Java browser plugins are often exploited to deliver malicious payloads to employees’ endpoints, with reports stating that half of the Flash-using browsers within organizations run outdated versions that are at least one release behind the current build. Since APTs are known to rely on vulnerabilities in this popular plugin to drop malicious payloads, IT teams have a hard time managing and maintaining all endpoints without affecting employee user experience.

Secure Browsing With Hypervisor Introspection

The hypervisor introspection technology developed by Bitdefender in collaboration with Citrix, currently available in tech preview, has proven able to do more than protect virtual environments running XenServer; it can also be deployed in other scenarios that involve creating a secure browsing environment protected from advanced targeted threats.

One such example involves securing a Citrix XenServer with Bitdefender HVI and running XenApp on that server. This enables a centralized browsing experience by isolating the browser on a public server, while also minimizing endpoint compromise via potentially unsafe and fragmented browsers. From a user’s perspective, the browsing experience is completely seamless, while any vulnerable browser elements that could compromise the endpoint are removed, as the entire browsing session is offloaded to the HVI-protected XenServer.

This particular implementation can be deployed on-site, without affecting the overall user experience of employees, while offering accessibility and security. To that end, any employee-received URL that’s clicked will immediately open within the web browser published by XenApp and secured by Bitdefender’s HVI.

This type of flexibility solves the browser-version control issue, while preserving an untampered user experience. Isolating the browser from the end-user endpoint significantly reduces the risk of companies having their environments compromised. More than that, IT administrators can also enforce access control policies for each user session, as well as data centralization, as everything accessed through the secure browser is safely stored within the organization.

Reducing Attack Surface and Uncovering APTs

The secure browser implementation is straightforward, as it only requires XenApp running on an HVI-protected XenServer. This implementation allows organizations to reduce the attack surface while also gaining insight into the security stats of the hosted browser. Without affecting operational requirements or usability, the security benefits offered by the stand-alone secure browser implementation can prevent an attack in its early stages, protecting organizations from full-blown security breaches.

The full white paper is available here

Harish Agastya

Harish Agastya is VP of Enterprise Solutions at Bitdefender where he is responsible for the company’s enterprise business products and services portfolio. Agastya’s career spans over 25 years in high-tech B2B marketing, product management and R&D. Prior to joining Bitdefender, he held executive roles in marketing and products at other security companies. Agastya has an MBA from UC Berkeley and an MS in Computer Science from Penn State.
