“On this World Wide Web Day, it’s important to recognise the significant strides made in web browser security. Towards the earlier part of this century, browsers were problematic, as flaws in Microsoft Internet Explorer, the most popular browser at the time, as well as browser plug-ins like Microsoft ActiveX and Adobe Flash, provided attackers with reliable entry points onto the systems of internet users.
“Decades later, through improvements in technology such as sandboxing, which isolates the ability to access the underlying system, cybercriminals have broadly pivoted away from web browsers as a primary threat vector. That said, advanced persistent threat (APT) groups remain determined to find what is known as vulnerability chains, which pair two or more vulnerabilities, to escape browser sandboxes and reach the underlying system. These APT groups aren’t interested in targeting the average consumer.
“While web browsers were the de facto way of accessing the world wide web, the evolution of mobile phones has also evolved how we interact with the web, primarily through the use of apps. Now, threat actors may develop malicious apps and post them on official and unofficial app stores, which can enable them to financially benefit from their victims by signing them up for premium services or stealing sensitive information from their devices.” Satnam Narang, Sr. Staff Research Engineer, Tenable.