The Danger of Browser Extension Malware


Cyber criminals have found a new way to infect your network and steal your data: browser extension malware. Find out what it is and how to prevent it.

Cyber criminals are always looking for new ways to get their malicious code onto your computers. Usually, malware gets onto your PC via executable files, JavaScript code, and VB scripts within MS Office applications. But there is another method that most antivirus and other security software just aren’t ready or able to identify and trap for you: browser extensions. And if you think for a moment about how much of your working day is spent within a browser window, you can imagine how much of what you do could be tracked, snooped, breached, stolen or damaged by browser extension malware.

Why Target Browser Extensions?

How much time do you spend in your browser compared to just one or two years ago? If you’re a user of Office 365 or Google’s G Suite or Gmail, the answer is probably a lot. Microsoft has been moving its products from single-purchase licenses to cloud-based subscriptions for years, and Microsoft, Google, Salesforce, NetSuite, QuickBooks, Dropbox, Box.com and thousands of other web-based applications have us spending more time in our browsers than ever before.

And when you consider that we also access bank, investment, and even government resources via the web, it’s easy to see how being able to spy on what we do in our browser can be very valuable to a cyber criminal.

Browser extensions allow them to do that.

Couple these threats with the fact that even though most good IT policies limit the installation of executable software by individual users, too many IT companies still allow individual users to install browser extensions without limit.

What Harm Can Browser Extension Malware Do?

Let’s start with keyloggers, which can track every button press and mouse click on your computer. That means credentials to all your online resources, including your email, company intranet, accounting system, banks, and cloud-based storage, can all be accessed by cyber criminals. Armed with your login information, a criminal could do unending damage.

A cyber-criminal with access to corporate email accounts can use social engineering to send emails to other corporate personnel asking them to supply other network credentials, or even re-route pending vendor payments to the criminal’s bank accounts.

The access could be used to infect a network with Ransomware, possibly forcing the payment of tens or hundreds of thousands of dollars in ransom.

Your client, vendor, prospect or patient lists could be stolen, resulting in huge fines or criminal penalties imposed not on the cyber-criminal, but on you and your company.

The list of ways you and your company could be harmed is truly endless.

How Extension Malware Gets Onto Your Computer

So how could browser extension malware actually get on your computer? Most browser extensions are legitimate and benign, but others created by unknown developers have the potential to either carry malware or create holes in your security that allow malware or prying eyes to creep in. So while you think you have found a very useful plugin to solve a problem or simplify a task, what you don’t know is that the extension’s real purpose is something far more sinister.

Some cyber criminals purchase browser extension businesses from legitimate developers, then add their own malicious code, infecting all the existing users with their new malware. Others simply hack into a browser extension’s programming environment and implant malicious code there, where it may be distributed by a legitimate company without its knowledge.

Visiting an infected website can also force the installation of an extension onto your browser.

Can You Protect Yourself From Browser Extension Malware?

One of the reasons that browser extension malware is so bad is that it often goes undetected for a period of time. Most security systems don’t check for it, or do a very poor job of looking for it. Often a malicious extension will act benign immediately after installation in order to be trusted, resulting in endpoint protection systems allowing it to be installed. It’s only later that the danger is discovered. Monitoring systems like our state-of-the-art SIEM system will then notice if the extension tries to send stolen data to some known bad place, but even this might be too late to prevent the actual breach.

At Digital Uppercut, we seldom rely on a single method for protecting our clients. That’s why in addition to all of our other security systems, we further protect our clients by creating strict group policies that prevent the installation of any browser extensions by individual users. All browser extensions are reviewed and their installation is centrally controlled.
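
An added example (not Digital Uppercut's tooling) of the review step described above: it reads each installed extension's manifest.json, flags any extension missing from an approved list, and flags manifests that request access to every site or to sensitive browser APIs. The extension IDs, manifests, approved list and the SENSITIVE_APIS starting set are constructed for illustration.

```python
import json

# Host patterns that give an extension access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions worth a closer look during review (a starting set, not exhaustive).
SENSITIVE_APIS = {"webRequest", "cookies", "tabs", "history", "debugger", "proxy"}


def review_extension(ext_id, manifest, allowlist):
    """Return a list of findings for one installed extension."""
    findings = []
    if ext_id not in allowlist:
        findings.append("not on approved list")
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = set(manifest.get("host_permissions", [])) | perms
    # Content scripts run inside pages and can observe input events there.
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    if hosts & BROAD_HOSTS:
        findings.append("runs on all sites")
    risky = sorted(perms & SENSITIVE_APIS)
    if risky:
        findings.append("sensitive APIs: " + ", ".join(risky))
    return findings


def review_all(installed, allowlist):
    """Map extension ID -> findings, omitting extensions with nothing to report."""
    report = {}
    for ext_id, manifest_text in installed.items():
        findings = review_extension(ext_id, json.loads(manifest_text), allowlist)
        if findings:
            report[ext_id] = findings
    return report


# Constructed sample data: IDs and manifests are made up for illustration.
APPROVED = {"a" * 32}
INSTALLED = {
    "a" * 32: '{"manifest_version": 3, "name": "Approved PDF tool", '
              '"permissions": ["storage"], "host_permissions": ["https://intranet.example/*"]}',
    "b" * 32: '{"manifest_version": 2, "permissions": ["tabs", "webRequest", "<all_urls>"], '
              '"content_scripts": [{"matches": ["*://*/*"], "js": ["c.js"]}]}',
}

if __name__ == "__main__":
    for ext_id, findings in review_all(INSTALLED, APPROVED).items():
        print(ext_id, "->", "; ".join(findings))
```
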

Get Protected

Is your IT staff actively protecting you from browser extension malware? If you don’t know, you should ask. And if they don’t give you the answer you are looking for, call us and request a consultation. Let’s work together to protect you and your company from malware and cyber-criminals of all kinds. Use our contact form or call us at 818-913-1335.