Browsers pose the greatest threat to enterprise, Microsoft reports

Microsoft's latest Security Intelligence Report s based on data collected in the last half of 2012 from a billion Windows computers in more than 100 countries

Microsoft's latest security report has found that Web-based attacks pose the greatest threat to companies, giving credence to efforts to develop browser alternatives to accessing the Internet.

Microsoft's latest Security Intelligence Report s based on data collected in the last half of 2012 from a billion Windows computers in more than 100 countries. The data was collected through Microsoft's Malicious Software Removal Tool, Microsoft's real-time endpoint protection products, Hotmail accounts and Bing.

A key finding is that browser attacks became the greatest threat to enterprise networks, surpassing Conficker, a computer worm that infected more computers than any other since 2003's Welchia. At its height, the self-propagating malware that exploits flaws in Windows software infected millions of computers in homes, businesses and government agencies in more than 200 countries.

Today, Conficker has taken a backseat to Web-based attacks through the browser. The use of malicious JavaScript code and HTML inline frames (iFrames) topped the list of exploits. Both have gained in popularity because of the development tools available through the BlackHole exploit kit popular with cybercriminals.

The use of iFrames registered a multi-quarter decline until the fourth quarter of last year, when detection rates nearly doubled, Microsoft said. Hackers who embed iFrames in Web pages use them to link to pages that host malware. Seven in 10 threats affecting enterprises were delivered through malicious websites, according to Microsoft.

Attackers have been increasingly targeting the browser over the last couple of years, so it's no surprise that these types of exploits would eventually take the lead. The trend points to the need to develop a different mechanism for interacting with the Web.

While Microsoft remains committed to Internet Explorer, the company is experimenting with a client-side architecture that would replace the browser with a more secure virtualized environment that isolates Web applications. Called Embassies, the technology would have applications run in low-level, native-code containers that would use Internet addresses for all external communications with other applications.

"Reducing the power and access of the browser to the OS is a great way to minimize the attack possibilities of the hacker," said Wolfgang Kandek, chief technology officer for Qualys.

On smartphones and tablets, the browser has become less important because of native apps that connect directly to the Internet, thereby offering a smaller attack surface.

On the PC, companies can bolster browser security by always using the latest version and minimizing the use of plugins, particularly Java and Adobe Reader. In addition, filtering Web browsing through a third-party service that track malicious URLs is also recommended, along with user education about Web threats.

The second most popular exploit was PDF and Word documents, followed by Java and the Windows operating system, respectively.

[Also see: 10 ways to secure browing in the enterprise]

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

Tags MicrosoftcybercrimelegalintelsoftwareapplicationsbingBrowsers & Clientsbrowser securityData Protection | MalwareEmbassies

Show Comments