In a new report titled Malicious Injections: The Tip of the Spear for Browser Threats, researchers with security firm RiskIQ predict that browser-based attacks will be a significant portion of the threat landscape for years to come, and will continue to cause major problems.
What do these attacks all have in common? Malicious injects targeting locally installed browsers. “Internet browsers are proving an invaluable attack vector for criminals,” the report concludes.
The point of injecting malicious scripts is to have the local browser dutifully execute code on the user’s machine. Attackers aim either to inject a piece of script into a web page directly or to inject a remote script (resources) into the page.
The report documents the top six techniques that they use to achieve either direct and remote injects:
Tacking it On
This is the most common method of adding malicious code to a page and can be done by injecting a malicious script in a