The Seattle-based ICEBRG's Security Research Team discoveredfour malicious Google Chrome extensions affecting some 500,000users. These provide a substantial pool of resources to use forfraudulent purposes and financial theft.
|While performing a routine investigation of anomalous traffic,ICEBRG's SRT detected a suspicious spike in outbound networktraffic from a customer workstation prompting an investigationleading to the discovery of harmful Google Chrome extensions, which could affectworkstations within major organizations, including financialinstitutions, globally.
|The ICEBRG research team, Justin Warner, principal securityengineer and Mario De Tore, technical director, security researchand operations, revealed their findings in a blog. “While theseweb-based applications can enhance the user's overall experience,they also pose a threat to workstation security with the ability toinject and execute arbitrary code.” The SRT asserted to a motivatedthreat actor, this approach presents a range of opportunities, fromco-opting enterprise resources for advertising click-fraud toleveraging a user's workstation as a foothold into the enterprisenetwork.
|Click fraud campaigns allow a malicious party to receiverevenue by compelling victim systems to visit advertising sitesthat pay per click. Threat actors could also use the samecapability to browse internal sites of victim networks, bypassingperimeter controls intended to defend internal assets from externalparties.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
- Exclusive discounts on ALM and CU Times events.
- Access to other award-winning ALM websites including Law.com and GlobeSt.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
