Dive Brief:
-
Hackers use existing malware, like strains of Cerber, Kriptovor and CryptXXX, to "harvest" stored browser data, according to an Exabeam report using the Alexa Top 1,000 list as a guide for websites with the most traffic. As a result, hackers can create an individual's "web dossier" through visited sites, HTTP cookies, LocalStorage, saved credentials and autofill features on browsers.
-
The WebBrowserPassView tool is used to aid in password recovery, but because it "dumps" those passwords into browsers like Internet Explorer, Chrome and Firefox, hackers could obtain the data. Passwords are typically decrypted by browsers and "can be accessed by any process," according to the report.
- Corporations have no way of extending cybersecurity practices beyond their network. "All it takes is one weak link and a hacker can easily pivot into the corporate network to steal sensitive information," said Ryan Benson, senior threat researcher at Exabeam, in an email to CIO Dive. "With so many cloud-based services, the attacker may not even need to move into the corporate network at all to do damage."
Dive Insight:
No one knows you quite like your browsing history and hackers can use that knowledge to their advantage.
Sites including Gmail, Amazon and the IRS keep a record of credentials, email addresses, searches and downloaded files. Malicious actors that work to collect this data could use it to dig up personal financing, including "parcel numbers from tax filings," according to the report.
Sensitive data belonging to an organization may also be up for grabs when an employee uses multiple devices or accesses information from a home computer.
About 70% of internet traffic is through mobile devices, which are the most susceptible to unauthorized access. Endpoint security costs companies more than $5 million annually, so laying out the foundation for basic employee security knowledge is vital.
Before a hacker can plant malware on a device, Exabeam suggests working in incognito mode, though the user loses access to customized sites and suggestions. Disabling cookies will stop any attempted exploitation, but as a result, sites could face performance issues.