Executive Summary
- As part of our blog series on malware, in this guide we’ll take a look at browser hijacking attacks.
- Browser hijacks significantly compromise the cybersecurity of a business, opening the door to stolen data, financial damage, unwanted browsing behaviour, and worse.
- We’ll explore what browser hijacking is, how it happens, the risks it poses, and how you can prevent or eliminate this type of malware in your business.
Introduction
Cast your mind back, if you can, to the very earliest days of the internet.
Yahoo! was reigning supreme, Google was a glint in an entrepreneur’s eye, and Ask Jeeves was still a thing.
If you remember that, you might also remember the garish browser toolbars which somehow found their way into every copy of Internet Explorer.
Whatever happened to those? The truth is, they never went away — they just evolved. And part of that evolution has resulted in a type of malware called browser hijacking.
Let’s take a closer look at exactly what this type of attack is and explain what to do if you discover that your browser has fallen victim to a hijacking.
What is browser hijacking?
At its most basic level – just as the name suggests – browser hijacking attack occurs when a form of malicious software infects a browser and takes control in some way.
We’ll go into detail on how such an attack manifests itself later in the guide, but, broadly speaking, an attacker who hijacks a browser will have one of these aims:
- To redirect the user to a website of the attacker’s choosing, either to steal data via phishing or to drive advertising revenue on the site
- To display unwanted ads to the user
- To spy on or steal data from users by monitoring or recording browser activity
- To replace the default homepage or search engine of a web browser
Because browser hijacking is quite wide-ranging in its aims, it’s impossible to give a one-size-fits-all answer to this question. But the common thread? Browser hijacking is always unwanted and always a security risk – especially for businesses.
How do browsers become hijacked?
Just like any form of malware, the most common reason that browsers suffer hijacking attacks is, sadly, human error.
We’ve mentioned this a few times before, but even the most secure system in the world is vulnerable to someone making a simple mistake — like using an easily guessed password such as “opensesame”.
Taking advantage of this fact, attackers might use any of these tactics to smuggle browser hijacking software aboard a company’s computers:
- A phishing attack via an email attachment which appears genuine. This is also known as a trojan horse attack.
- The installation of a fraudulent browser extension which does a little more than it claims.
- Installing a browser toolbar without first reading the terms and conditions.
The running thread here should be quite clear: it’s not always the case that browser hijacks are “attacks” by definition. For example, if a user knowingly installs an extension without reading the small print, it may be perfectly legal for that extension to redirect traffic or display ads.
Boring as it may be, it always pays to read the small print.
How to identify a browser hijacking attack
Browser hijacking paints such a broad brush that actually identifying an attack isn’t always straightforward.
For every case of a hijack blatantly redirecting web traffic to a spammy ad-riddled page, there’s another case of a more subtle infection which sends a pop-up ad once every day or two. This spectrum of severity makes it difficult to pin down exactly when your browser has fallen victim to a hijack.
That said, there are a few signs you can look out for which will give you the nod that something’s not right.
- Your browser homepage has been changed to something you didn’t choose.
- You find yourself frequently redirected to spammy or ad-filled websites without requesting to them yourself.
- Your browser settings keep changing, even after you change them back.
- The appearance of toolbars at the top of the browser which you didn’t install.
- Searches redirected to a different search engine.
As with many things around cybersecurity, identifying a browser hijacking attack is all about common sense. If something doesn’t feel right, it probably isn’t. If you’re a business owner or manager, it’s a very good idea to educate your teams on these key signs of browser hijacking, because the sooner an attack is dealt with, the less damage will be done.
Protecting your business against browser hijacking
At this point, you may be understandably concerned about the potential impact of browser hijacking attacks. After all, they represent an uninvited third-party accessing your private data.
They are particularly concerning if you have a large, distributed workforce, because it only takes one individual to fall for a simple phishing email to infect a browser and potentially expose the company to cyberattacks.
But there’s good news, too.
On top of education, which we’ve already covered, you can also deploy sophisticated cybersecurity software to protect your business. Regular antivirus solutions are not always effective against browser hijacking attacks – mainly because they’re not technically viruses, and so can evade retroactive virus filters – but an EDR platform can help.
EDR, or Endpoint Detection and Response, is an advanced form of cyberthreat protection built with machine learning and artificial intelligence. Which is really just a fancy way of saying it’s incredibly smart.
EDR will actively monitor all your computer systems for any activity which it deems unusual or out of the ordinary. This includes the installation of unknown toolbars, the unexpected redirection of web traffic, and more. Even better, an EDR system can roll back any changes made by a hijack, so even if you can’t manually repair a browser, there’s a good chance an EDR system can.
At Get Support, we recommend the SentinelOne EDR platform. Learn more about it in our comprehensive guide to discover how it can protect your business against browser hijacking and much more.
Keep your browser – and your business – safe with Get Support
We hope this in-depth guide has given you the info you need to tackle or prevent a browser hijacking attack. While rare, they can be damaging, especially if your business data is the target.
To learn more about cyberattacks and the common types of malware small businesses must content with, be sure to check out these articles:
Until next time, don’t forget that the Get Support team is here to help you prevent, diagnose, and eliminate cyberthreats.
If you’d like to learn more about how we can help, drop us a line today on 01865 59 4000 or just fill out the form below.