onibrowser
Version:
A browser in the browser
399 lines (393 loc) • 17.5 kB
HTML
<meta charset=utf-8>
<meta name=viewport content=width=device-width,initial-scale=1,user-scalable=no>
<meta name=supported-color-schemes content="light dark">
<meta name=color-schemes content="light dark">
<meta name=description
content="BrowserGap puts you first with the most familiar and secure browser isolation serivce, while our remote and fully isolated cloud browsers protect your network.">
<meta name=author content="BrowserGap">
<meta name=copright content="The Dosyago Corporation, Newark, DE">
<meta name=robots content="index,follow">
<!-- aux meta -->
<!-- Twitter -->
<meta property="twitter:card" content="summary_large_image">
<meta property="twitter:url" content="https://browsergap.xyz/">
<meta property="twitter:title" content="BrowserGap. Remote browser isolation.">
<meta property="twitter:description" content="BrowserGap puts you first with the most familiar and secure browser isolation serivce, while our remote and fully isolated cloud browsers protect your network.">
<meta property="twitter:image" content="https://browsergap.xyz/images/3rd-party/undraw/security.svg">
<!-- Open Graph / Facebook -->
<meta property="og:type" content="website">
<meta property="og:url" content="https://browsergap.xyz">
<meta property="og:title" content="BrowserGap. Remote browser isolation.">
<meta property="og:description" content="BrowserGap puts you first with the most familiar and secure browser isolation serivce, while our remote and fully isolated cloud browsers protect your network.">
<meta property="og:image" content="https://browsergap.xyz/images/3rd-party/undraw/security.svg">
<title>
BrowserGap — Case Study: 100s of Company Computers Infected by Web Malware
</title>
<link rel=stylesheet href=/styles/main.css>
<link rel=stylesheet href=/styles/logo.css>
<header role=banner aria-label="Page header when page is scrolled to the top">
<nav>
<a class=drawer href=#main-menu-open>☰</a>
<a class=logo-link href=/>
<aside class=logo>
<h1>
<span class=browser>
<span class=inner>
Browser
</span>
</span>
<span class=gap>
<span class=inner>
Gap
</span>
</span>
</h1>
</aside>
</a>
<ul id=main-menu-open>
<li>
<a href=#top class=drawer>Close</a>
</li>
<li>
<a href=/pages/remote-cloud-browser-service.html#cloud-browsers>
Cloud browsers
</a>
</li>
<li>
<a href=/pages/per-seat-subscription-pricing.html#pricing>
Pricing
</a>
</li>
<li>
<a href=/pages/five-elements-technology-reading-room.html#five-elements>
Five Elements
</a>
</li>
<li>
<a href=/pages/tutorials-and-support-reading-room.html#reading-room>
Reading Room
</a>
</li>
<li class=for-button>
<a href=#membership-application class="register toggle-opener">
<span class=verbose-name>
Membership Application
</span>
</a>
</li>
</ul>
</nav>
<form method=POST
action=https://formspree.io/cris@dosyago.com
id=membership-application class=registration>
<input type=hidden name=subject value="Membership Application for BrowserGap">
<fieldset role=dialog>
<legend>Membership Application</legend>
<p>
<label>
Salutation
<input autofocus required type=text autocomplete=honorific-prefix
list=honorifics
maxlength=50
name=salutation placeholder="Major">
</input>
</label>
<label>
Your given name
<input type=text autocomplete=given-name
maxlength=100
name=given-name placeholder="Motoko">
</label>
<label>
Your family name
<input required type=text autocomplete=family-name
maxlength=100
name=family-name placeholder="Kusanagi">
</label>
<p>
<label>
Your organization
<input type=text autocomplete=organization
maxlength=100
name=organization placeholder="Public Security Section 9">
</label>
<label>
Your work email
<input required type=email autocomplete=email
maxlength=128
name=email placeholder="major@sec9.neotokyo.go.jp">
</label>
<p>
<label>
Your timezone
<input required type=text autocomplete=on
maxlength=64
name=timezone placeholder="GMT+9">
</label>
<p>
<label>
How many employees need browser isolation?
<input name=scale type=number min=1 placeholder=300>
</label>
<p class=legal-agree>
<label>
<input required type=checkbox name=agree>
I agree to the terms and conditions, privacy policy, data protection statement and consent to be contacted about this service.
</label>
<p>
<button>Submit request</button>
<br>
<a class=cancel href=#top>I'm happy with my current solution.</a>
</fieldset>
</form>
<form id=account-login method=GET action=#login class=authentication>
<fieldset role=dialog>
<p>
<label>
Login email
<input autofocus required type=email
maxlength=128
name=email placeholder="major@sec9.neotokyo.go.jp">
</label>
<p>
<label>
Login password
<input required type=password
maxlength=128
name=password placeholder="**********************">
</label>
<p>
<button>Login</button>
<a class=cancel href=#top>Not now</a>
</fieldset>
</form>
</header>
<main>
<div class=header-background>
<header role=banner aria-label="Page header after scrolling page down past the top">
<nav>
<a class=drawer href=#main-menu-open>☰</a>
<a class=logo-link href=/>
<aside class=logo>
<h1>
<span class=browser>
<span class=inner>
Browser
</span>
</span>
<span class=gap>
<span class=inner>
Gap
</span>
</span>
</h1>
</aside>
</a>
<ul>
<li>
<a href=#top class=drawer>Close</a>
</li>
<li>
<a href=/pages/remote-cloud-browser-service.html#cloud-browsers>
Cloud browsers
</a>
</li>
<li>
<a href=/pages/per-seat-subscription-pricing.html#pricing>
Pricing
</a>
</li>
<li>
<a href=/pages/five-elements-technology-reading-room.html#five-elements>
Five Elements
</a>
</li>
<li>
<a href=/pages/tutorials-and-support-reading-room.html#reading-room>
Reading Room
</a>
</li>
<li>
<a href=#membership-application class="register toggle-opener">
<span class=verbose-name>
Membership Application
</span>
</a>
</li>
</ul>
</nav>
</header>
</div>
<div class=diagonal-background></div>
<section class=content>
<section class=introduction tabindex=0>
<div class=story>
<h1>Case Study: 100s of Company Computers Infected by Web Malware</h1>
<p>
Attackers use company's own corporate website to deliver malware to employees machines through their browser.
</p>
</div>
<div class=graphic>
<img src=/images/3rd-party/undraw/team.svg>
</div>
</section>
</section>
<div class=wrapper>
<section class=content>
<section class=case-study>
<div class=document>
<h1>Introduction</h1>
<p>
This widespread compromise of a large UK company's internal network originated from an exploit hosted on their externally-managed corporate website. This was achieved as a result of poor security practices by the website provider. The attackers used a commonly available RAT to gain information about the internal network and control a number of computers. The widespread malware infection took extensive effort to eradicate and remediate.
<h1>How it happened: the technical details</h1>
<p>
As part of their survey of the victim's network and services, attackers discovered that the corporate website
was hosted by a service provider, and it contained a known vulnerability. In the survey stage of the attack on
the service provider, the attackers exploited this vulnerability to add a specialised exploit delivery script to
the corporate website.
<p>
The script compared the IP addresses of the website's visitors against the IP range used by the company. It
then infected a number of computers within the company, taking advantage of a known software flaw, to
download malware to the visitor's computer within a directory that allowed file execution.
Over 300 computers were infected during the delivery stage with remote access malware. The malware then
beaconed and delivered network information to attacker-owned domains. The attackers were eventually
detected early in the affect stage. By this time they had installed further tools and were consolidating their
position, carrying out network enumeration and identifying high value users.
<p>
Whilst the compromise was successful, it was detected through network security monitoring, and a welldefined incident response plan made it possible to investigate the incident using system and network logs,
plus forensic examinations of many computers.
To eradicate the discovered infection it was necessary, at great cost, to return the computers to a known
good state. Further investigation was also required to identify any further malware that could be used to
retain network access. To prevent further attacks through the same route, the contract terms with the
website provider needed to be renegotiated, to ensure they had similar security standards to the targeted
organisation.
<h1>Capabilities, vulnerabilities and mitigations</h1>
<p>
The attackers used a combination of automated scanning tools, exploit kits and technology-specific attacks
to compromise the organisation. They took advantage of a known software flaw and the trust relationship
between the company and its supplier.
<p>
The intensive and costly investigation and remediation of the compromise could have been averted by more
effective implementation of the following cyber security controls:
<p>
<ul>
<li>
patching - the corporate website would have not been compromised, nor would the malware
download script have succeeded, had patching on both the web server and users’ computers been
up to date
</li>
<li>
network perimeter defences - the malware could have been prevented from being downloaded and
the command and control might not have succeeded with the use of two-way web filtering, content
checking and firewall policies (as part of the internet gateway structure)
</li>
<li>
whitelisting and execution control - unauthorised executables such as the exploration tools would
have been unable to run if the company's corporate computers were subject to whitelisting and
execution control (this could also prevent applications from being able to run from the temporary or
personal profile folders)
</li>
<li>
security monitoring - may have detected the compromise at an earlier stage
</li>
</ul>
<p>
Original source: <cite><a target=_blank href=https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/400106/Common_Cyber_Attacks-Reducing_The_Impact.pdf>Common Cyber Attacks: Reducing The Impact</a></cite>, GCHQ Communications-Electronics Security Group, 2015, pp. 14 - 15.
</div>
</section>
</section>
<footer>
<author>
<aside class=logo>
<h1>
<span class=browser>
<span class=inner>
Browser
</span>
</span>
<span class=gap>
<span class=inner>
Gap
</span>
</span>
</h1>
</aside>
<p>
The simplest and best browser isolation
platform. We provide completely isolated, fully managed,
fully hosted, remote cloud browsers, via our fault-tolerant
browser-as-a-service infrastructure.
</p>
<p>
<cite>
Copyright © 2012 - 2019
The Dosyago Corporation,
All rights reserved.
</cite>
</p>
</author>
<nav>
<ul>
<h1>Need help?</h1>
<li>
<a href=mailto:support@browsergap.xyz>
Get support
</a>
</li>
<li>
<a href=/pages/training-and-tutorials.html>
Training & Tutorials
</a>
</li>
</ul>
<ul>
<h1>Company</h1>
<li>
<a href=/pages/about-browsergap.html>
About us
</a>
</li>
<li>
<a href=mailto:resume@browsergap.xyz>
Careers
</a>
</li>
<li>
<a href=mailto:contact@browsergap.xyz>
Contact
</a>
</li>
</ul>
<ul>
<h1>Legal Room</h1>
<li>
<a href=/pages/legal-room/terms.html>
Terms of service
</a>
</li>
<li>
<a href=/pages/legal-room/privacy.html>
Privacy policy
</a>
</li>
<li>
<a href=/pages/legal-room/security-responsible-vulnerability-disclosure-policy.html>
Security
</a>
</li>
</ul>
</nav>
<a id=authentication href=#account-login class="authenticate toggle-opener">
Member Login
</a>
</footer>
</div>
</main>
<datalist id=honorifics>
<option value="Mr">
<option value="Mrs">
<option value="Ms">
</datalist>
<script defer async src=/scripts/currentPageAnchor.js></script>
<script defer async src=/scripts/populateHonorifics.js></script>