Article Details

When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions. News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure (LayerX, one of the companies involved in protecting against malicious extensions is offering a complimentary service to audit and remediate organizations' exposure - to sign-up click here). While this is not the first attack to target browser extensions, the scope and sophistication of this campaign are a significant step up in terms of the threats posed by browser extensions and the risks they pose to organizations. Now that details of the attack have been publicized, users and organizations need to assess their risk exposure to this attack and to browser extensions in general. This article is aimed at helping organizations understand the risk posed by browser extensions, the implications of this attack, and actionable steps they can take to protect themselves (for an in-depth overview, see a detailed guide on protection against malicious browser extensions). Browser Extensions Are the Soft Underbelly of Web Security Browser extensions have become a ubiquitous part of the browsing experience, and many users often use such extensions to fix their spelling, find discount coupons, pin notes, and other productivity uses. However, most users don't realize that browser extensions are routinely granted extensive access permissions that can lead to severe data exposure should those permissions fall into the wrong hands. Common access permissions requested by extensions include access to sensitive user data such as cookies, identities, browsing data, text input, and more, which can lead to data exposure on the local endpoint and credential theft of user identities. This is particularly a risk to organizations since many organizations do not control what browser extensions users install on their endpoints, and credential theft of a corporate account can lead to exposure and a data breach at the organizational level. A New, More Dangerous Threat: Although the fallout from this attack campaign is still unfolding, and compromised extensions are still being discovered, there are a number of takeaways that can already be noted: How To Protect Your Organization: While many users and organizations are not aware of the potential risks associated with browser extensions, there are a number of key actions they can take to protect themselves: While browser extensions offer many productivity benefits, they also expand organizations' threat surface and risk of exposure. The recent attack campaign targeting browser extensions with malicious code should be a wake-up call for organizations to define their approach to protecting against malicious and compromised browser extensions. Click here to download a comprehensive guide on protecting against malicious browser extensions to help organizations fully understand the threat, why existing solutions don't provide adequate coverage, and how they can protect themselves.