Spear-phishing solutions company SlashNext recommended increased security oversight at the browser level to avoid malware in a report released earlier this week.
In a damning report, the company confirmed that an estimated 50,000 new spear phishing sites come online everyday, with many attaching themselves to trusted existing infrastructure.
These include “Spark[.]adobe[.]com, dropbox[.]com, onedrive[.]live.com app[.]box[.]com, and alchemy[.]com to just name a few”, the company suggested.
This makes all internet users vulnerable as you could be exposed to malware even even while on a verified and trusted domain.
The problem doesn’t end there, as the typical processes that companies and individuals would take to protect their systems are unable to keep up to date with the rate of change exhibited by cyber criminals.
“Secure web gateways, URL filtering, legacy malware protection, browser isolation, and internet policies are all strategies to defend users from web threats, but they are struggling to keep pace with fast-moving web-based phishing threats, leaving corporations exposed to ransomware,” the company said.
In fact, SlashNext even rejected the notion that simple browser extensions afford enough protection to keep systems protected from attackers.
“Browser extensions can be hijacked. All major web browsers, including Google Chrome, automatically updates a user’s installed browser extensions when new versions are available. When a developer’s account is compromised, it can be used to push malicious updates to already installed extensions, as was the case with a popular Web Developer extension for Chrome.”
Unfortunately for users, some 80 per cent of these attacks can result in theft of data.
The company recommends ensuring that anti-malware protection is installed on your device to ensure ongoing scrutiny of any downloads.