Web Browser-Based Attacks: How to Protect Users

By Yuki Arbel. February 20, 2020

Browser attacks are one of the most popular ways for cyber criminals to inflict damage. This shouldn’t be surprising considering how exposed web browsers are and how much sensitive information they hold, such as credit card details, passwords, IDs, and more. 

By compromising web browsers like Google Chrome, Microsoft Internet Explorer or Mozilla Firefox, hackers can also gain entry to end-user machines, which are the Achilles heel for enterprise cybersecurity professionals and the holy grail for attackers. Once attackers are inside those devices, they can spread malicious code throughout the company network and steal sensitive data. 

Common Browser Attacks  

Web attacks are executed in a variety of ways. They often use social engineering to persuade users to take actions that kick off an attack. For instance, end users may click on a link in a phishing email, which takes them to a web page where malware downloads onto their device. 

Many times hackers use Cross-Site Scripting (XSS). This entails putting malicious code into a legitimate web site or web application. When a user visits, malicious scripts — usually written in JavaScript, but sometimes also in ActiveX or Flash — are executed in their web browser. The scripts might send the victim’s cookie to the attacker’s server, where the attacker can use it for session hijacking. Or they could capture screenshots, log keystrokes, or remotely access and control the user’s machine. 
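The cookie-theft scenario above, seen from the defender's side, as an added example that is not part of the original article: user text rendered without and with HTML encoding, plus a check for session cookies that page scripts could still read. The function names, the sample comment and the cookie values are constructed for illustration.

```javascript
// Added example: all names and sample inputs are constructed, not from the article.

// Encode the five characters that let text break out of an HTML element or
// attribute context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: user text is concatenated into markup, so any tags in it
// become part of the page and run in the visitor's browser.
function renderCommentUnsafe(text) {
  return '<p class="comment">' + text + "</p>";
}

// Hardened: user text is encoded before it reaches the markup.
function renderCommentSafe(text) {
  return '<p class="comment">' + escapeHtml(text) + "</p>";
}

// Report which protective attributes a Set-Cookie header value is missing.
// HttpOnly keeps the cookie out of reach of page scripts (document.cookie),
// Secure restricts it to HTTPS, SameSite limits cross-site sending.
function missingCookieFlags(setCookieValue) {
  const attrs = setCookieValue.split(";").slice(1)
    .map((part) => part.trim().split("=")[0].toLowerCase());
  return ["httponly", "secure", "samesite"].filter((flag) => !attrs.includes(flag));
}

// Constructed sample inputs.
const sampleComment = "<script>/* attacker-controlled script */</script>";
const weakCookie = "sid=abc123; Path=/";
const hardenedCookie = "sid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax";

console.log(renderCommentUnsafe(sampleComment)); // script tag survives intact
console.log(renderCommentSafe(sampleComment));   // script tag shown as text
console.log(missingCookieFlags(weakCookie));     // all three flags missing
console.log(missingCookieFlags(hardenedCookie)); // nothing missing
```

Encoding addresses the injection itself; HttpOnly limits what an injected script can take if encoding is missed somewhere.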

And then there are man-in-the-browser attacks. This is where an attacker inserts himself into the communications channel between two trusting parties by compromising a web browser used by one of the parties. It’s essentially a Trojan that can modify web pages and online transactions without the user noticing.

Stopping the Unstoppable

It’s pretty much accepted these days that you can’t stop browser attacks. But you can mitigate their damage, particularly when it comes to enterprise cybersecurity. Some IT organizations attempt to do this using antivirus solutions as part of a larger security stack. They have some, albeit limited, success. 

Others use browser isolation. Browser isolation typically uses a browser in the cloud to access a website, which is then rendered on the local machine as an image that is displayed to the user, keeping any web-borne threats away from local resources.

The issue with browser isolation is that it relies on employees only using the particular browser that is isolated. If they use a different web browser, all bets are off. And you can almost guarantee that some people will use other browsers at some point, particularly with so many using their own computers for company work.

Another challenge with web browser isolation has to do with user experience. Every time you browse to a website, the site is accessed by the remote browser in the cloud, and the local user is shown an image or a video stream. User experience is less than ideal, to say the least. Reliability can also be a problem, particularly when the application isn’t keeping pace with browser updates. You never know when you’ll run into websites and web services that simply won’t work with it.

Operating System Isolation Contains Web Attacks, and More

Operating system isolation is the next step in the isolation evolution. It safeguards sensitive corporate information from web attacks and, unlike browser and application isolation solutions, protects against all attack vectors. Also unlike browser and application isolation, OS isolation ensures high performance and reliability.

It works like this: The OS isolation technology runs below the endpoint device’s operating system. It splits each device into multiple, local virtual machines, each with its own operating system. Everything end-users do happens in different operating systems, which run side-by-side with full separation. None of the virtual environments can access the corporate network directly. Instead, they each connect through an invisible network virtualization layer that applies network segmentation on the endpoint. 

To protect against web browser and other attacks, you can run two VM environments on each end-user’s device: 

  • Fully locked-down VM that’s limited to accessing sensitive corporate data and systems, e.g., IT systems, payment/transaction systems, customer data, CRM systems.
  • Unlocked, open VM for unrestricted access to non-corporate resources, including browsing the full web, installing any application, using external devices.

With full OS isolation solutions like the Hysolate Platform, any malware that infiltrates a web browser or any other attack vector on the open VM cannot reach sensitive resources. Malware can only access the VM that it’s contained within. In fact, hackers can’t even see that another VM — or any other information — exists on that device. 

And for added security, that open VM can be programmed to be non-persistent so that it’s automatically wiped clean at prescribed intervals. It can also be remotely wiped clean when required via the Hysolate management console.

About the Author

An industry veteran with 20 years of IT, networking and cloud experience, Yuki serves as Hysolate's VP of Product Management. Yuki started his career at P-Cube, a networking startup that was later acquired by Cisco. After his position as system architect at Cisco, Yuki became CEO of Comsleep, an energy saving startup. Most recently, Yuki served as Head of Product for Nokia’s NFV infrastructure, driving telecom networks towards virtualization.
