Think Twice Before You Click to Save Credentials in a Web Browser

June 1, 2018 Stephen Lowing

It’s increasingly common: attackers target credentials stored within web browsers. Such attacks could happen on any of the well-known browsers that dominate the market today including Chrome, Firefox and Internet Explorer. The motivation and method behind the attacks vary, but the message is clear – browsers are a soft target on today’s hacker’s short list.

Why is this so?

Every browser offers a means to save credentials for online/web accessible systems. In fact, the option is frequently displayed as a pop-up box that highlights “save” as the default.

This simple, time-saving step encourages adoption of the feature. Users, after all, like the convenience of not having to enter credentials every time they visit their favorite website or frequently used system. The information stored in the browser is publicly available to programs that the user runs. But despite the convenience, there is a major downside: credentials saved in a browser are a natural target for phishing attacks and provide easy access to the targeted user’s systems.

As seen in the Vegas Stealer malware, there can be a hefty price to pay when users opt to press that “save credential” checkbox. Victims of this type of attack can unintentionally expose sensitive, browser-accessible IP. The malware is in use across multiple industries and particularly prevalent in marketing, advertising, public relations, retail and manufacturing. This is likely because these targets tend to have higher-than-average usage of 3rd party and SaaS solutions in operation.

Another credential stealing malware is the one targeting crypto-chat app Telegram. Once downloaded, the malware extracts browser credential data that allows restoring cache and maps files into an existing Telegram desktop installation. If the session was open, the attacker has the chance to access the victim’s session, contacts and previous chats without their knowledge.

Want to learn how to mitigate this risk without impacting your end-user systems?

Join us for a CyberArk On the Front Lines webcast titled “Protecting the Privileged Pathway: Learn how from demos of five attack scenarios that exploit privilege,” on June 5, 2018. There are two sessions that you can join: 9 a.m. and 2 p.m. ET.

During these sessions, our endpoint privileged access security experts will explain the finer points of how attackers use targeted phishing attacks to steal credentials with Mimikatz. They will also demonstrate several escalations, including browser credential harvesting. Attendees will gain best practices for mitigating risk using CyberArk Endpoint Privilege Manager. For those interested in learning how current, real-world attacks take place, along with ways to prevent them, this webcast is for you.

To learn more about how to mitigate attacks on endpoints across your enterprise, download our CyberArk Endpoint Privilege Manager datasheet.

Register today, and we’ll see you On the Front Lines!

Previous Article
Maximize Your Investments in Identity Governance and Privileged Access Security with CyberArk and SailPoint
Maximize Your Investments in Identity Governance and Privileged Access Security with CyberArk and SailPoint

To enhance the reliability and flexibility of an organization’s security stack, privileged access security ...

Next Article
VPNFilter Malware Shines Light on Router Risks and Possibilities
VPNFilter Malware Shines Light on Router Risks and Possibilities

Recently discovered VPNFilter malware has infected an estimated 500,000 routers in 54 countries. The FBI is...