The top security threat of 2013: the web browser.

January, 11, 2013 Branden Spikes

Something I've been preaching for a couple years, but is finally getting some well-deserved recognition among security authorities is that drive-by malware from web links is the #1 threat facing networks today.  

Europe's security authority, the ENISA came forward this week with the news that this threat is growing accross the board.  It's on the rise as a threat to mobile computing, social technology, critical infrastructure, cloud, and big data.  This means the biggest security gains are had by securing your browser people.  

The report is great, and worth a read if you're in the security industry.  But to expedite consumption, let me summarize by quoting the key findings from the report:

  • Drive-by downloads attacks against web browsers have become the top web threat. More specifically, attackers are moving into targeting browser plugins such as Java (Java exploits are the major cross-platform threat), Adobe Reader and Adobe Flash.
  • The drive-by download attacks are almost exclusively launched through compromised legitimate websites which are used by attackers to host malicious links and actual malicious code.
  • In May 2012, the first drive-by download for Android was spotted. This means that, apart from PCs, drive-by download attacks are a mobile threat as well.
  • Most of drive-by download attacks detected originate from cybercriminals who have adopted this exploitation technique and use it widely via exploit kits e.g. Blackhole.

This is something I've personally witnessed and have been telling people for years.  During my tenure as the chief of IT at PayPal and SpaceX I found that, despite sparing no expense on state-of-the-art security, the web drive-bys always got through our firewalls. There was, and continues to be, no way to 100% prevent this.  The US government and regulatory agencies are all looking at the impact of this to the nation.  Their proposed solutions involve censorship, restrictions, and overall loss of freedom on the Internet.

Now you know why our T-shirts say "Here We Come To Save The Web."

If I'm successful this year at preventing all web malware for our customers, and proving that it's possible to solve the #1 security threat with a little ingenuity  we will have done just that.

And cue the applause.  :)

Branden Spikes, CEO CTO and Founder, Spikes Security

Keep informed.