Most Common Browser Threats in 2024: An Overview of Attack Mechanisms and Impacts
Attackers Are Targeting The Browser
In an increasingly digital landscape, web browsers serve as business-critical gateways to information, applications, and organizational resources. As reliance on browser-based tools continues to grow, so does the prevalence of threats targeting these platforms. From the abuse of legitimate platforms to the extensiveness of malicious ads, this article provides an overview of the most common browser-based threats observed in 2024.
1. Microsoft Phishing and Intermediary Steps
Attackers are constantly attempting to gain access to an organization’s data and infrastructure, so it may come as no surprise that Microsoft phishing was the most common browser-based attack observed in 2024. The more surprising and insightful aspect of these attacks is the mechanism they frequently rely on: legitimate content-hosting platforms.
The Attack Mechanism: Attackers deliver an unsuspecting user to a malicious website by leveraging known and trusted platforms as intermediary phishing steps. Platforms include Google Docs, Canva, Airtable, and Microsoft Dynamics 365 Standalone Forms, to name a few. Bad actors craft a phishing email with a link to attacker-created content—a doc, design, table, or form—hosted on one of these legitimate platforms, but the content itself prompts the user to click a link leading to a fake Microsoft login page designed to steal the victim’s credentials.
Why it’s Dangerous: These platforms and their domains are often trusted by both our technical controls and our human discernment. Microsoft Dynamics 365, for example, is a trusted, enterprise-level platform for customer engagement, and Canva is a tool often used by Marketing departments. This trust makes it easier for attackers to mask their phishing attempts as legitimate traffic and to persuade users to move through the phishing campaign.
2. Notification Hijack Attempts
Attempts to hijack a browser’s notifications are another prominent browser-based attack technique observed in 2024. They are used to socially engineer users into unknowingly performing some action that benefits a bad actor. While browser notifications can be innocuous and are part of the marketing strategy of many legitimate sites, the same capability to push promotions, reminders, or updates to customers is also abused by attackers to launch spam campaigns, spread malware, and orchestrate larger-scale phishing attacks.
The Attack Mechanism: Browser notification hijack attempts typically begin with a malicious actor using social engineering or deceptive tactics—such as ‘prove you are not a robot’ prompts—to persuade a user to allow notifications from the ill-intended website.
Why it’s Dangerous: Once a user unwittingly allows notifications, attackers gain the ability to push intrusive or harmful content directly to the user’s screen, via the browser. These browser notifications may contain malicious links, scam offers, or additional lures that drive users to phishing sites or malware downloads—all while bypassing email and other security controls.
3. Malvertisements on Search Engines
Search engines, such as Google and Bing, commonly display advertisements at or near the top of their search results. When a user searches Google for “dog food”, they may see ads purchased by and for different dog food brands. However, attackers are also purchasing advertisement space so that their malicious ad appears in the first few search results. When searching for Facebook or for an application or platform, a user may unknowingly click a malicious advertisement (a “malvertisement”) that redirects to a harmful website or downloads malware.
The Attack Mechanism: Attackers obtain paid space on advertising platforms to display malicious ads alongside legitimate ads and search listings. By using deceptive titles or keywords, or by imitating an ad for a legitimate site, malvertisements entice a user to click.
Why it’s Dangerous: Malvertisements appear alongside legitimate advertisements in search results, lending the malicious ad the same appearance of legitimacy. Once clicked, a malicious ad often directs the browser to a malicious website that may execute drive-by downloads or prompt the user to divulge sensitive information.
Conclusion: Proactively Secure The Browser
The abuse of legitimate platforms by phishing attacks, the exploitation of browser notifications, and the proliferation of malvertisements underscore the need for robust security measures and continuous monitoring of one of the most overlooked applications in an organization: the browser. As browser-based threats continue to evolve in complexity and prevalence, taking proactive security measures on the browser landscape can significantly reduce an organization’s risk of compromise to its digital assets and resources.
Keep aware of these evolving threats in 2024 and beyond. To see potential threats that may be affecting your organization, schedule a demo with a team member or get started with a commitment-free pilot today.