Date: 2022-08-26

As a kind of “gateway” to the digital world, web browsers are of great importance in users’ lives. Consequently, cybercriminals take advantage of this type of tool to carry out attacks against potential victims. Another attraction is that browsers can store a large amount of data over time – such as credentials, cookies and search history – which is of great interest to attackers. So what are the main types of threats that circulate on the internet and mainly affect browsers? TechSmart had access to a report created by ESET that lists the risks, which are detailed below.

Exploitable Vulnerabilities

One of the risks lies in attacks that exploit vulnerabilities in browsers and the plugins installed on them. The attack usually starts from something that can be spotted from the outside: a phishing email, SMS or app message. The infection itself happens when you access a website that has been compromised or is controlled directly by the scammer. In practice, the crook uses the page to make you download malware onto your device.

Malicious add-ons and extensions

Another security problem in browsers lies in the well-known extensions or add-ons. Several of them require privileged access to the browser. When they come from a dubious source, you may be granting criminals permission to misuse the software. In other words, scammers distribute these plugins while passing them off as legitimate, but their main objective is to steal data or download malware onto the victim’s device, not to mention the several other possibilities opened up by the permissions obtained.

DNS usage

Poisoning of the Domain Name System (DNS) is another danger to Internet users. DNS is considered the internet’s address book, responsible for converting domains into numerical (IP) addresses, that is, pointing users to the places they want to visit. Thus, when DNS entries saved on the computer or on servers are attacked, attackers are able to redirect browsers to malicious domains – among them phishing websites, where they may collect other sensitive user information.
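The local side of this can be checked. The following is an added example, not part of the ESET report or the original article: it assumes the “DNS entries saved on the computer” are the operating system's hosts file and flags entries that pin a hostname to a non-local address. The sample file, hostnames and the `allowed` list are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from any real machine).
SAMPLE_HOSTS = """\
# local defaults
127.0.0.1    localhost
::1          localhost ip6-localhost
0.0.0.0      ads.tracker.example   # blocklist-style entry
203.0.113.7  www.bank.example login.bank.example
not-an-ip    broken.example
192.168.1.20 nas.home.example      # intended LAN override
"""

def parse_hosts(text):
    """Yield (line_no, address_text, ip_or_None, hostnames) per mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None  # keep malformed lines so the audit can report them
        yield line_no, fields[0], ip, [h.lower().rstrip(".") for h in fields[1:]]

def audit_hosts(text, allowed=()):
    """Return (line_no, reason, address, hostnames) for entries worth reviewing."""
    allowed = {h.lower() for h in allowed}
    findings = []
    for line_no, addr, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed-address", addr, names))
        elif ip.is_loopback or ip.is_unspecified:
            continue  # usual defaults and blocklist entries, skipped here
        else:
            unexpected = [n for n in names if n not in allowed]
            if unexpected:  # name is pinned to a remote address, bypassing DNS
                findings.append((line_no, "override", addr, unexpected))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, allowed={"nas.home.example"}):
        print(finding)
```

On a real machine the text to audit would come from `/etc/hosts` (Linux, macOS) or `C:\Windows\System32\drivers\etc\hosts` (Windows). This covers only the local file, not the configured resolver or poisoned records on DNS servers.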

ID hijacking

User session hijacking is yet another worrying item for browsers. When a session starts, IDs are issued by websites and application servers. If criminals brute-force these identifiers, especially when they are not encrypted, they can impersonate the victim. This is another method focused on stealing the individual’s personal data and banking information, which then feeds other types of scam and fraud against the Internet user.

“Man in the Middle”

The so-called Man in the Middle attack occurs when criminals manage to get between the browser and the websites being viewed. They are then able to alter the browsing and direct the user to a malicious website, where they can steal login credentials and hijack the person’s data – the so-called ransomware. One of the main scenarios for this occurs when the Internet user connects to public Wi-Fi networks, which are less protected and give attackers an opening to sit “halfway” between the connection and the connected device.

Web apps

Finally, there is the exploitation of web applications, a practice known as cross-site scripting. It exploits vulnerabilities in websites to run malicious scripts in a person’s browser. The attack itself is not the end goal: it is often used to insert malware or even run it on the victim’s machine.

How to protect yourself?