GATEKEEPER BLOG

Malicious Browser Extensions Contribute to Insider Threats

Network administrators face a unique challenge: providing users with an efficient working environment that also protects against network threats. Most administrators block random installations. But this can be a problem when users need to customize their desktops to work productively. This customized environment includes the ability to add browser extensions. But these small programs can lead to malware being unintentionally installed on the user’s desktop.

Some extensions are impossible for the average user to remove.

A recent issue was a hard-to-remove extension. The extension doesn’t seem to harm the local computer. But it randomly clicks YouTube videos to overinflate the number of views seen on a user’s YouTube channel. The extension — named Tiempo en colombia en vivo — was installed 11,000 times. Google eventually removed it from its website. Tests done by Malwarebytes show that it’s persistent and written to avoid removal.

The discovery comes only a few weeks after the popular Change HTTP Request Headers extension was found to have malicious code embedded in it. Customers downloaded the plugin 500,000 times. The plugin brought users to particular advertising sites. It was part of a scam to earn click rewards through pay-per-click advertisers.

Both Tiempo en colombia en vivo and Change HTTP Request Headers silently accessed the web when user desktops were connected to the Internet. Their purpose was to artificially inflate web activity, but because the code runs on the local machine, other types of activity are possible. Some extensions steal typed input, which makes them part of the insider threat if a user enters credentials on a website while the extension is installed.

Insider threats are a growing concern for corporations.

Insider threats account for a large percentage of common cyber security issues in the enterprise environment. In 2017, three main ransomware attacks caused outages across the globe. Users installed software or ran malicious scripts on their machines. In particular, Bad Rabbit’s initial vector was a prompt alerting users that they needed to update Flash to view website content. Users then downloaded the software and willingly installed the drive-by malware.

Recent ransomware attacks started from users installing malware.

All three ransomware attacks last year — WannaCry, NotPetya and Bad Rabbit — started their attacks from users installing malware. NotPetya was particularly nasty because its aim was to encrypt the master boot record of the user’s hard drive with no way to recover.

In 2018, it’s now more important than ever to take strong precautions to protect the local network from insider threats. Not all vulnerabilities come from negligence. They also stem from corporate espionage campaigns or disgruntled employees with malicious intent. These types of threats are difficult to defend against because you’re not looking for an outsider hacking attempt. Instead, you need to defend against and monitor users who have legitimate access to network resources.

How to mitigate insider threats to network security.

You can implement high-level permissions on desktops disallowing any installations. But this is difficult to do when users need access to install preferred tools. One way insider threats propagate is when users leave their desktops unlocked and an attacker is able to access their computer while they’re away. When this happens, saved passwords only further exacerbate the problem.

GateKeeper takes away virtually all threats from intruders gaining access to local machines and web passwords (such as banking and social media logins) from unlocked desktops. Identify who is logging in to which computer at any time. Get clean audit logs of logins, even on shared Windows PCs. Prevent tailgating risks by auto-locking workstations when authorized users leave. Don’t rely on timeout policies to lock computers.

It also stops social engineering attempts when attackers are able to gain access to the physical location. This is where you don’t want them finding unlocked desktops within the enterprise. If you don’t have defenses against insider threats, it’s time to take precautions.
