Browsers pose the greatest threat to enterprise, Microsoft reports

Microsoft's latest Security Intelligence Report s based on data collected in the last half of 2012 from a billion Windows computers in more than 100 countries

Microsoft's latest security report has found that Web-based attacks pose the greatest threat to companies, giving credence to efforts to develop browser alternatives to accessing the Internet.

Microsoft's latest Security Intelligence Report s based on data collected in the last half of 2012 from a billion Windows computers in more than 100 countries. The data was collected through Microsoft's Malicious Software Removal Tool, Microsoft's real-time endpoint protection products, Hotmail accounts and Bing.

A key finding is that browser attacks became the greatest threat to enterprise networks, surpassing Conficker, a computer worm that infected more computers than any other since 2003's Welchia. At its height, the self-propagating malware that exploits flaws in Windows software infected millions of computers in homes, businesses and government agencies in more than 200 countries.

Today, Conficker has taken a backseat to Web-based attacks through the browser. The use of malicious JavaScript code and HTML inline frames (iFrames) topped the list of exploits. Both have gained in popularity because of the development tools available through the BlackHole exploit kit popular with cybercriminals.

The use of iFrames registered a multi-quarter decline until the fourth quarter of last year, when detection rates nearly doubled, Microsoft said. Hackers who embed iFrames in Web pages use them to link to pages that host malware. Seven in 10 threats affecting enterprises were delivered through malicious websites, according to Microsoft.

Attackers have been increasingly targeting the browser over the last couple of years, so it's no surprise that these types of exploits would eventually take the lead. The trend points to the need to develop a different mechanism for interacting with the Web.

While Microsoft remains committed to Internet Explorer, the company is experimenting with a client-side architecture that would replace the browser with a more secure virtualized environment that isolates Web applications. Called Embassies, the technology would have applications run in low-level, native-code containers that would use Internet addresses for all external communications with other applications.

"Reducing the power and access of the browser to the OS is a great way to minimize the attack possibilities of the hacker," said Wolfgang Kandek, chief technology officer for Qualys.

On smartphones and tablets, the browser has become less important because of native apps that connect directly to the Internet, thereby offering a smaller attack surface.

On the PC, companies can bolster browser security by always using the latest version and minimizing the use of plugins, particularly Java and Adobe Reader. In addition, filtering Web browsing through a third-party service that track malicious URLs is also recommended, along with user education about Web threats.

The second most popular exploit was PDF and Word documents, followed by Java and the Windows operating system, respectively.

[Also see: 10 ways to secure browing in the enterprise]

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

Join the CSO newsletter!

Error: Please check your email address.

Tags Embassiesapplicationsbrowser securitybinglegalsoftwareintelBrowsers & Clientsdata protectioncybercrimeData Protection | MalwareMicrosoft

More about Adobe SystemsHotmailMicrosoftQualys

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place