UNPKG

onibrowser

Version:
399 lines (393 loc) 17.5 kB
<!DOCTYPE html> <meta charset=utf-8> <meta name=viewport content=width=device-width,initial-scale=1,user-scalable=no> <meta name=supported-color-schemes content="light dark"> <meta name=color-schemes content="light dark"> <meta name=description content="BrowserGap puts you first with the most familiar and secure browser isolation serivce, while our remote and fully isolated cloud browsers protect your network."> <meta name=author content="BrowserGap"> <meta name=copright content="The Dosyago Corporation, Newark, DE"> <meta name=robots content="index,follow"> <!-- aux meta --> <!-- Twitter --> <meta property="twitter:card" content="summary_large_image"> <meta property="twitter:url" content="https://browsergap.xyz/"> <meta property="twitter:title" content="BrowserGap. Remote browser isolation."> <meta property="twitter:description" content="BrowserGap puts you first with the most familiar and secure browser isolation serivce, while our remote and fully isolated cloud browsers protect your network."> <meta property="twitter:image" content="https://browsergap.xyz/images/3rd-party/undraw/security.svg"> <!-- Open Graph / Facebook --> <meta property="og:type" content="website"> <meta property="og:url" content="https://browsergap.xyz"> <meta property="og:title" content="BrowserGap. Remote browser isolation."> <meta property="og:description" content="BrowserGap puts you first with the most familiar and secure browser isolation serivce, while our remote and fully isolated cloud browsers protect your network."> <meta property="og:image" content="https://browsergap.xyz/images/3rd-party/undraw/security.svg"> <title> BrowserGap &mdash; Case Study: 100s of Company Computers Infected by Web Malware </title> <link rel=stylesheet href=/styles/main.css> <link rel=stylesheet href=/styles/logo.css> <header role=banner aria-label="Page header when page is scrolled to the top"> <nav> <a class=drawer href=#main-menu-open>&#x2630;</a> <a class=logo-link href=/> <aside class=logo> <h1> <span class=browser> <span class=inner> Browser </span> </span> <span class=gap> <span class=inner> Gap </span> </span> </h1> </aside> </a> <ul id=main-menu-open> <li> <a href=#top class=drawer>Close</a> </li> <li> <a href=/pages/remote-cloud-browser-service.html#cloud-browsers> Cloud browsers </a> </li> <li> <a href=/pages/per-seat-subscription-pricing.html#pricing> Pricing </a> </li> <li> <a href=/pages/five-elements-technology-reading-room.html#five-elements> Five Elements </a> </li> <li> <a href=/pages/tutorials-and-support-reading-room.html#reading-room> Reading Room </a> </li> <li class=for-button> <a href=#membership-application class="register toggle-opener"> <span class=verbose-name> Membership&nbsp;Application </span> </a> </li> </ul> </nav> <form method=POST action=https://formspree.io/cris@dosyago.com id=membership-application class=registration> <input type=hidden name=subject value="Membership Application for BrowserGap"> <fieldset role=dialog> <legend>Membership Application</legend> <p> <label> Salutation <input autofocus required type=text autocomplete=honorific-prefix list=honorifics maxlength=50 name=salutation placeholder="Major"> </input> </label> <label> Your given name <input type=text autocomplete=given-name maxlength=100 name=given-name placeholder="Motoko"> </label> <label> Your family name <input required type=text autocomplete=family-name maxlength=100 name=family-name placeholder="Kusanagi"> </label> <p> <label> Your organization <input type=text autocomplete=organization maxlength=100 name=organization placeholder="Public Security Section 9"> </label> <label> Your work email <input required type=email autocomplete=email maxlength=128 name=email placeholder="major@sec9.neotokyo.go.jp"> </label> <p> <label> Your timezone <input required type=text autocomplete=on maxlength=64 name=timezone placeholder="GMT+9"> </label> <p> <label> How many employees need browser isolation? <input name=scale type=number min=1 placeholder=300> </label> <p class=legal-agree> <label> <input required type=checkbox name=agree> I agree to the terms and conditions, privacy policy, data protection statement and consent to be contacted about this service. </label> <p> <button>Submit request</button> <br> <a class=cancel href=#top>I'm happy with my current solution.</a> </fieldset> </form> <form id=account-login method=GET action=#login class=authentication> <fieldset role=dialog> <p> <label> Login email <input autofocus required type=email maxlength=128 name=email placeholder="major@sec9.neotokyo.go.jp"> </label> <p> <label> Login password <input required type=password maxlength=128 name=password placeholder="**********************"> </label> <p> <button>Login</button> <a class=cancel href=#top>Not now</a> </fieldset> </form> </header> <main> <div class=header-background> <header role=banner aria-label="Page header after scrolling page down past the top"> <nav> <a class=drawer href=#main-menu-open>&#x2630;</a> <a class=logo-link href=/> <aside class=logo> <h1> <span class=browser> <span class=inner> Browser </span> </span> <span class=gap> <span class=inner> Gap </span> </span> </h1> </aside> </a> <ul> <li> <a href=#top class=drawer>Close</a> </li> <li> <a href=/pages/remote-cloud-browser-service.html#cloud-browsers> Cloud browsers </a> </li> <li> <a href=/pages/per-seat-subscription-pricing.html#pricing> Pricing </a> </li> <li> <a href=/pages/five-elements-technology-reading-room.html#five-elements> Five Elements </a> </li> <li> <a href=/pages/tutorials-and-support-reading-room.html#reading-room> Reading Room </a> </li> <li> <a href=#membership-application class="register toggle-opener"> <span class=verbose-name> Membership&nbsp;Application </span> </a> </li> </ul> </nav> </header> </div> <div class=diagonal-background></div> <section class=content> <section class=introduction tabindex=0> <div class=story> <h1>Case Study: 100s of Company Computers Infected by Web Malware</h1> <p> Attackers use company's own corporate website to deliver malware to employees machines through their browser. </p> </div> <div class=graphic> <img src=/images/3rd-party/undraw/team.svg> </div> </section> </section> <div class=wrapper> <section class=content> <section class=case-study> <div class=document> <h1>Introduction</h1> <p> This widespread compromise of a large UK company's internal network originated from an exploit hosted on their externally-managed corporate website. This was achieved as a result of poor security practices by the website provider. The attackers used a commonly available RAT to gain information about the internal network and control a number of computers. The widespread malware infection took extensive effort to eradicate and remediate. <h1>How it happened: the technical details</h1> <p> As part of their survey of the victim's network and services, attackers discovered that the corporate website was hosted by a service provider, and it contained a known vulnerability. In the survey stage of the attack on the service provider, the attackers exploited this vulnerability to add a specialised exploit delivery script to the corporate website. <p> The script compared the IP addresses of the website's visitors against the IP range used by the company. It then infected a number of computers within the company, taking advantage of a known software flaw, to download malware to the visitor's computer within a directory that allowed file execution. Over 300 computers were infected during the delivery stage with remote access malware. The malware then beaconed and delivered network information to attacker-owned domains. The attackers were eventually detected early in the affect stage. By this time they had installed further tools and were consolidating their position, carrying out network enumeration and identifying high value users. <p> Whilst the compromise was successful, it was detected through network security monitoring, and a welldefined incident response plan made it possible to investigate the incident using system and network logs, plus forensic examinations of many computers. To eradicate the discovered infection it was necessary, at great cost, to return the computers to a known good state. Further investigation was also required to identify any further malware that could be used to retain network access. To prevent further attacks through the same route, the contract terms with the website provider needed to be renegotiated, to ensure they had similar security standards to the targeted organisation. <h1>Capabilities, vulnerabilities and mitigations</h1> <p> The attackers used a combination of automated scanning tools, exploit kits and technology-specific attacks to compromise the organisation. They took advantage of a known software flaw and the trust relationship between the company and its supplier. <p> The intensive and costly investigation and remediation of the compromise could have been averted by more effective implementation of the following cyber security controls: <p> <ul> <li> patching - the corporate website would have not been compromised, nor would the malware download script have succeeded, had patching on both the web server and users’ computers been up to date </li> <li> network perimeter defences - the malware could have been prevented from being downloaded and the command and control might not have succeeded with the use of two-way web filtering, content checking and firewall policies (as part of the internet gateway structure) </li> <li> whitelisting and execution control - unauthorised executables such as the exploration tools would have been unable to run if the company's corporate computers were subject to whitelisting and execution control (this could also prevent applications from being able to run from the temporary or personal profile folders) </li> <li> security monitoring - may have detected the compromise at an earlier stage </li> </ul> <p> Original source: <cite><a target=_blank href=https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/400106/Common_Cyber_Attacks-Reducing_The_Impact.pdf>Common Cyber Attacks: Reducing The Impact</a></cite>, GCHQ Communications-Electronics Security Group, 2015, pp. 14 - 15. </div> </section> </section> <footer> <author> <aside class=logo> <h1> <span class=browser> <span class=inner> Browser </span> </span> <span class=gap> <span class=inner> Gap </span> </span> </h1> </aside> <p> The simplest and best browser isolation platform. We provide completely isolated, fully managed, fully hosted, remote cloud browsers, via our fault-tolerant browser-as-a-service infrastructure. </p> <p> <cite> Copyright &copy; 2012 - 2019 The Dosyago Corporation, All rights reserved. </cite> </p> </author> <nav> <ul> <h1>Need help?</h1> <li> <a href=mailto:support@browsergap.xyz> Get support </a> </li> <li> <a href=/pages/training-and-tutorials.html> Training & Tutorials </a> </li> </ul> <ul> <h1>Company</h1> <li> <a href=/pages/about-browsergap.html> About us </a> </li> <li> <a href=mailto:resume@browsergap.xyz> Careers </a> </li> <li> <a href=mailto:contact@browsergap.xyz> Contact </a> </li> </ul> <ul> <h1>Legal Room</h1> <li> <a href=/pages/legal-room/terms.html> Terms of service </a> </li> <li> <a href=/pages/legal-room/privacy.html> Privacy policy </a> </li> <li> <a href=/pages/legal-room/security-responsible-vulnerability-disclosure-policy.html> Security </a> </li> </ul> </nav> <a id=authentication href=#account-login class="authenticate toggle-opener"> Member&nbsp;Login </a> </footer> </div> </main> <datalist id=honorifics> <option value="Mr"> <option value="Mrs"> <option value="Ms"> </datalist> <script defer async src=/scripts/currentPageAnchor.js></script> <script defer async src=/scripts/populateHonorifics.js></script>