These days, almost every browser has a built-in password manager that can store login information for websites and services. In fact, the choice is typically shown as a pop-up window with the word "save" highlighted as the default.
Because of how quickly and easily this can be done, more people will likely start using the feature. After all, users appreciate not having to repeatedly input passwords when they access their preferred website or regularly used system. However, there is a huge drawback: data saved in a browser is accessible to any software the user installs, and with the right tools and techniques, cybercriminals may easily get access to a user's systems by stealing these valuable credentials from their browser.
A recent virtual discussion with Andy Thompson, Global Research Evangelist at CyberArk, presents a startling insight about how dangerous it is that major browsers are increasingly being targeted by malware and malicious actors.
A Concern for Everyone
Why should businesses consider browser vulnerabilities to be a big security risk? "It is quite easy to overcome authentications by obtaining credentials from the browsers," Andy said. The truth is that an intruder doesn't require admin access to exfiltrate passwords from a browser, steal cookies, or hijack web sessions.
This is an issue for society at large, not just corporations. The time has come for us to accept the reality that things have changed. With the rise of hybrid workplaces and work-from-home policies, traditional definitions of a secure perimeter behind the firewall no longer apply. Even at home, most people use a web browser, so this is an issue for them as well.
"The corporations need to realise that the perimeter is not as safe as they thought it was, it is incredibly porous," Andy warned.
Ways Malware Steals Your Browser Credentials
Malware may steal your credentials in a number of ways. However, Andy noted that CyberArk research has identified five techniques that regularly show up on its radar as the preferred strategies of these hackers:
Keylogging – Keeping a log of everything you type on a laptop, phone, or tablet. Keyloggers are used to secretly track your online activities while you use your devices normally.
Stealing Password Files – The DPAPI-encrypted password file stored on the disk can be easily retrieved (or stolen) without admin privileges on the machine.
In-Memory Attacks – Passwords, session cookies, and other sensitive information are stored in plain text within the browser's memory, where they can be breached with little effort.
Cookie Stealing – If an attacker manages to steal cookies and get access to a system, they can use the cookies to take over user sessions and even circumvent security measures.
Network-Based or Social Engineering-Based Attack – A psychological manipulation to trick users into making security mistakes or giving away sensitive information.
Default Password Manager is Inadequate
The Atlas VPN group has published data showing that Google Chrome, the most widely used browser in the world, is the most vulnerable browser this year. When presented with a question on how vulnerable browsers are, Andy offered a perspective that is a refreshing change of pace: application vulnerabilities aren't as big of an issue as we imagined.
As Andy put it, "as long as you maintain patching and updating your browser version you should be OK." Andy followed by mentioning a few other safety measures and best practices, including:
Safe browsing – ensuring the sites you’re going to use TLS encryption.
Never use the built-in password manager. Use a legitimate password manager.
Clear your cookies regularly.
Multi-Factor Authentication (MFA) is critical.
Just as our conversation was winding down, I caught an especially pertinent remark from Andy, which I will use as the summing up of my piece. "While there is a broad array of maturity in Asia's cybersecurity, these basic safeguards and guidelines may significantly secure everyone."