The holidays are always a good time for hackers to strike. While we’re sipping champagne, they’re working overtime.
Research now shows that the Chinese hacker group DarkSpectre has been targeting the one piece of software we use constantly for almost everything: our browsers. For seven years, they’ve been infiltrating our browsers using extensions that seem useful at first glance. Think of tools for downloading videos, Zoom meeting assistants, or PDF converters.
THE PROBLEM?
Browser extensions, just like apps on your phone, have to ask for permissions, and an extension that promises to work on any page asks for the broadest grant there is: access to every site you visit, often combined with the cookie and network-request APIs. With that, the extension’s own code runs inside every page you open. It can watch what you do, read whatever is on screen (your bank balance included), and harvest usernames, passwords, and session cookies on a massive scale.
At least 8.8 million users have already been compromised, and that number is growing daily. For hackers, our browsers are veritable Ali Baba’s Caves, filled with digital treasures and the keys to our personal and business data.
The scary thing is that this isn’t about a lone hacker in his parents’ basement. This is an organized group playing the long game: they gather information, wait patiently, and then mercilessly attack the web applications you use. And MFA (Multi-Factor Authentication) isn’t going to save you here. MFA protects the login step, but these extensions are active both before and after authentication: they simply wait for the session cookie or token that MFA just issued and walk off with that.
WHAT SHOULD YOU DO NOW?
- Browser hygiene first: remove any extension you don’t explicitly trust or actively use (chrome://extensions, edge://extensions, about:addons). Do this on all browsers (including the Firefox you “almost never” use) and on your tablet.
- Factory reset (optional): back up your bookmarks and completely reset your browser profile. Start with a clean slate.
- Limit your plugins: be extremely critical. You can never be 100% certain an extension is benign, especially if its logic runs “in the cloud”: what was reviewed at install time can fetch new instructions from a server later, and a later update can change what a trusted extension does.
- For organizations: make sure you control which extensions your users can install. Write a policy and enforce it technically, preferably with an allowlist of reviewed extensions rather than a blocklist of known-bad ones. Additionally, you can block the command-and-control domains used for harvesting at your DNS resolver or firewall, using the indicators from the published research, but that’s a bit more work.
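To make the permission point above and the hygiene steps concrete, here is an added example (my own, not code from the original post nor from Koi Security or IBM X-Force). It reads each installed extension’s manifest.json, flags the combination that matters here (access to every site plus cookie, request or scripting APIs), and emits the managed-browser policy that blocks everything except a reviewed allowlist. It assumes the Chromium-family profile layout <profile>/Extensions/<id>/<version>/manifest.json; the two sample manifests and their ids are constructed for illustration and are not real extensions.

```python
"""Audit installed browser extensions for over-broad permissions and emit an
allowlist policy for managed browsers.

Added example; not code from the original post nor from Koi Security or
IBM X-Force. Assumptions (not stated on the page): Chromium-family profiles
keep each extension under <profile>/Extensions/<id>/<version>/manifest.json,
and the sample manifests below are constructed for illustration only.
"""
import json
import tempfile
from pathlib import Path

# Host patterns that grant an extension access to every site the user visits.
ANY_SITE = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# APIs that, combined with any-site access, let an extension read session
# cookies, rewrite traffic, or inject its own script into every page.
SENSITIVE_API = {"cookies", "webRequest", "webRequestBlocking", "scripting",
                 "tabs", "declarativeNetRequest", "history", "clipboardRead"}


def assess_manifest(manifest: dict) -> dict:
    """Classify one manifest.json by the breadth of access it requests."""
    perms = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", []))              # manifest v3
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}  # v2 style
    for script in manifest.get("content_scripts", []):             # injected pages
        hosts |= set(script.get("matches", []))
    any_site = bool(hosts & ANY_SITE)
    sensitive = sorted(perms & SENSITIVE_API)
    if any_site and sensitive:
        risk = "high"      # can read any page, its forms and its cookies
    elif any_site or sensitive:
        risk = "medium"
    else:
        risk = "low"
    return {"name": manifest.get("name", "?"), "any_site": any_site,
            "sensitive": sensitive, "risk": risk}


def scan_profile(profile_dir: Path) -> list[dict]:
    """Assess every extension installed in a Chromium-style profile directory."""
    findings = []
    for path in sorted(profile_dir.glob("Extensions/*/*/manifest.json")):
        with path.open(encoding="utf-8") as fh:
            finding = assess_manifest(json.load(fh))
        # Names like "__MSG_appName__" are locale placeholders; the directory
        # name is the extension id, the stable key to check against the store
        # listing and against published indicators.
        finding["id"] = path.parts[-3]
        findings.append(finding)
    return findings


def chrome_policy(allowed_ids: list[str]) -> dict:
    """Managed-browser policy: block every extension, then allow a reviewed list.
    On Linux this JSON goes in /etc/opt/chrome/policies/managed/; on Windows and
    macOS the same keys are delivered through GPO or MDM."""
    return {"ExtensionInstallBlocklist": ["*"],
            "ExtensionInstallAllowlist": sorted(allowed_ids)}


# Constructed sample manifests (not real extensions): a "video downloader" that
# asks for everything, and a helper scoped to one site.
SAMPLE_GREEDY = {
    "manifest_version": 3, "name": "Video Downloader Pro (sample)",
    "permissions": ["cookies", "scripting", "tabs", "webRequest", "storage"],
    "host_permissions": ["<all_urls>"],
}
SAMPLE_SCOPED = {
    "manifest_version": 3, "name": "Example Site Helper (sample)",
    "permissions": ["storage"],
    "host_permissions": ["https://www.example.com/*"],
}


def demo() -> list[dict]:
    """Write the samples into a throwaway profile layout and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for ext_id, manifest in [("aaaa-greedy-sample", SAMPLE_GREEDY),
                                 ("bbbb-scoped-sample", SAMPLE_SCOPED)]:
            ext_dir = root / "Extensions" / ext_id / "1.0.0_0"
            ext_dir.mkdir(parents=True)
            (ext_dir / "manifest.json").write_text(json.dumps(manifest))
        return scan_profile(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['risk']:6} {f['id']:22} any_site={f['any_site']} "
              f"sensitive={','.join(f['sensitive']) or '-'}")
    print(json.dumps(chrome_policy(["<reviewed extension id>"]), indent=2))
```

Point scan_profile at a real profile (for example ~/.config/google-chrome/Default) to get the same report for your own machine; anything rated “high” deserves the question “does a PDF converter really need my cookies on every site?”. The policy function deliberately blocks with “*” first: an allowlist of reviewed ids is the only setting that also stops the next useful-looking extension nobody has heard of yet.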
Staying safe isn’t a product you buy; it’s a continuous process of attention and resilience. This also applies to your browser. Any comments, additional information, or tips? Feel free to leave them in the comments.
Need help becoming cybersecure and, more importantly, resilient? Feel free to contact me. Together with BA N.V. and the CYSSME consortium, we’ll make your organization truly cyber-resilient.
Sources / reading material: Koi Security and IBM X-Force
original post on LinkedIn