Do you or others in your organization use Google Chrome or Mozilla Firefox browser extensions?
Many of us do. Often they have incredibly useful features, such as ad-blocking, advanced searching, reducing page-load times, and much more.
But did you ever wonder if they could be used like a Trojan horse, presenting a friendly and helpful exterior while stealing your private information in the background?
Over 500,000 Chrome users just found out the hard way that this is indeed possible.
In mid-January 2018, the US-based cyber-security firm ICEBERG reported that four seemingly harmless Google Chrome browser extensions had malicious code embedded in them that allowed private data to be stolen.
Fortunately for these half-million users, it seems the nefarious code was only used to visit web ads in the background, something known as “click fraud.” These users were using the offending extensions and benefiting from the helpful features that the extensions offered, unaware their systems were being hijacked to help commit fraudulent activity. (Click fraud is often used for SEO manipulation and to steal money from advertisers through an ecosystem of fraudulent sites and click agents.)
So how does this relate to network security?
Web ad fraud sounds relatively harmless when compared to the big issues cyber-security professionals face every day. Fortunately, these extensions were not more malicious.
The ICEBERG report suggests these extensions possess the potential to cause significantly more damage. The report stated:
“The same capability could also be used by the threat actor to browse internal sites of victim networks, effectively bypassing perimeter controls that are meant to protect internal assets from external parties.”
Since most firewalls only defend against incoming traffic, requests that a browser extension starts from inside the network pass straight through. These types of Trojans could easily be used to download viruses or export user credentials and discovered data to a hacker thousands of miles away.
This shows how easily Trojans can get behind a firewall, calling into question the security of using browser extensions at all. 500,000 users were impacted by this before it was discovered by an external cyber-security agency.
We trust institutions, like the official Google Chrome Web Store, to be safe places to download software. But these kinds of breaches are becoming far too common to ignore.
Most organizations do their best to protect themselves from threats coming from outside, but what about the threats we unwittingly invite in?
- How many users in your organization are using these seemingly innocuous browser extensions?
- Do you have tools in place to detect these sorts of security breaches and attacks?
- How can you find them and eliminate them before irreparable harm is caused?
The good news is that the same technology ICEBERG used to detect these attacks (by tracking a large uptick in usage from affected users) can be used on a smaller scale. With the right tools, these kinds of breaches can be caught much sooner, massively limiting their potential damage.
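One way to apply the uptick-tracking idea above on a small network, as an added example that is not taken from the article or from the ICEBERG report: compare each workstation's latest daily count of outbound web requests with its own recent baseline and flag large jumps. The hostnames, request counts, threshold and function names are constructed assumptions; in practice the counts would come from your web-proxy or firewall logs.

```python
from statistics import median

# Constructed sample data: outbound HTTP(S) requests per workstation per day,
# oldest first, as might be aggregated from web-proxy logs. All values invented.
DAILY_REQUESTS = {
    "ws-accounting-01": [410, 388, 452, 430, 397, 441, 405],
    "ws-design-07": [1200, 1150, 1310, 1275, 1190, 1240, 9800],
    "ws-frontdesk-02": [95, 110, 102, 88, 120, 99, 131],
}


def robust_z(history, today):
    """Score today's count against the host's own history using median and MAD.

    Median/MAD is used instead of mean/stddev so that one earlier busy day
    does not inflate the baseline and hide a later spike.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # A perfectly flat baseline gives MAD == 0; fall back to 10% of the median.
    scale = 1.4826 * mad if mad else max(1.0, 0.1 * med)
    return (today - med) / scale


def find_upticks(daily, threshold=6.0, min_history=5):
    """Return (host, today, baseline_median, score) for hosts whose last day spikes."""
    flagged = []
    for host, counts in daily.items():
        history, today = counts[:-1], counts[-1]
        if len(history) < min_history:
            continue  # not enough data to judge what is normal for this host
        score = robust_z(history, today)
        if score >= threshold:
            flagged.append((host, today, median(history), round(score, 1)))
    # Largest deviation first, so the analyst starts with the worst host.
    return sorted(flagged, key=lambda row: row[3], reverse=True)


if __name__ == "__main__":
    for host, today, baseline, score in find_upticks(DAILY_REQUESTS):
        print(f"{host}: {today} requests today vs. baseline {baseline} (score {score})")
```

A flagged host is a starting point for review: check which browser extensions are installed on it and which destinations account for the extra requests.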