
MITRE ATT&CK: Browser bookmark discovery

Introduction

Someone’s browser bookmarks can tell a lot about that person. Bookmarks are a convenient way to dog-ear websites you want to view later and often involve personal interests. Depending on how much they are used, they can even give you a window to that person’s lifestyle. 

Attackers know this as well, and they often treat browser bookmarks as a source of relatively sensitive information in their plan of attack. What’s more, this discovery technique affects Windows, macOS and Android mobile devices.

This article will delve into browser bookmark discovery by exploring how it fits into the discovery portion of an attack, the problem with mitigation, real-life examples of browser bookmark discovery, and detection.

MITRE and ATT&CK

MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has added new technical and organization capabilities to its knowledge base — including cybersecurity.

To this end, MITRE released the MITRE ATT&CK list as a globally accessible knowledge base of adversary tactics and techniques based upon real-world observations. This information can then serve as the foundation for developing threat models and methodologies for the cybersecurity product/service community, the private sector and government. More information on the MITRE ATT&CK matrix can be found here.

How browser bookmarks fit into discovery

To understand how browser bookmarks fit into the big picture, you have to understand what the discovery phase is. 

Discovery is one of the MITRE ATT&CK tactics of an information security attack, in which the attacker is trying to learn your environment. This tactic consists of techniques that help the attacker gain knowledge about an organization’s systems and network. Think of it as the attacker proverbially finding his feet before (Read more...)
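The detection angle the post promises can be illustrated with a small rule over file-access telemetry. The example below is added here and is not code from the original article or from Infosec Resources: it assumes an EDR- or Sysmon-style feed already normalised into one `key=value` line per file event (that log format, the host names and the sample lines are constructed), flags reads of well-known bookmark stores (Chromium-family `Bookmarks`, Firefox `places.sqlite`, Safari `Bookmarks.plist`) by any process that is not the browser itself, and ignores writes so that the browser's own updates and normal user documents do not trigger it.

```python
"""Flag reads of browser bookmark stores by processes that are not browsers.

Added detection example (not from the original post). It assumes a file-access
telemetry feed normalised to one key=value line per event; the format, hosts
and sample lines below are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Well-known on-disk bookmark stores, matched for Windows and macOS layouts.
BOOKMARK_STORE_PATTERNS = [
    # Chromium-family browsers keep bookmarks in a JSON file named "Bookmarks"
    re.compile(r"[\\/](Google[\\/]Chrome|Microsoft[\\/]Edge|Chromium|BraveSoftware[\\/]Brave-Browser)"
               r"[\\/]User Data[\\/][^\\/]+[\\/]Bookmarks(\.bak)?$", re.I),
    re.compile(r"[\\/]Application Support[\\/](Google[\\/]Chrome|Microsoft Edge|Chromium)"
               r"[\\/][^\\/]+[\\/]Bookmarks(\.bak)?$", re.I),
    # Firefox stores bookmarks together with history in places.sqlite
    re.compile(r"[\\/]Profiles[\\/][^\\/]+[\\/]places\.sqlite$", re.I),
    # Safari keeps bookmarks in a property list
    re.compile(r"[\\/]Library[\\/]Safari[\\/]Bookmarks\.plist$", re.I),
]

# Processes expected to touch their own bookmark store. Add backup or sync
# agents that are legitimate in your environment (assumption: tune per site).
EXPECTED_READERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe",
                    "google chrome", "microsoft edge", "firefox", "safari"}

# key=value with optional double quotes so paths containing spaces survive
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass(frozen=True)
class Alert:
    timestamp: str
    host: str
    process: str
    path: str


def parse_event(line):
    """Turn one constructed key=value log line into a dict (quotes stripped)."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def is_bookmark_store(path):
    """True when the path is a known browser bookmark store."""
    return any(pattern.search(path) for pattern in BOOKMARK_STORE_PATTERNS)


def find_bookmark_discovery(lines, expected_readers=EXPECTED_READERS):
    """Return an Alert for every read of a bookmark store by a non-browser process."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event.get("action") not in {"read", "copy"}:
            continue  # writes by the browser itself are expected noise
        path = event.get("path", "")
        process = event.get("process", "").lower()
        if is_bookmark_store(path) and process not in expected_readers:
            alerts.append(Alert(event.get("ts", ""), event.get("host", ""), process, path))
    return alerts


# Constructed sample telemetry: two benign browser reads, one unrelated file,
# one write, and two reads by scripting hosts that should be flagged.
SAMPLE_EVENTS = [
    r'ts=2024-03-01T09:00:01Z host=ws01 process=chrome.exe action=read path="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Bookmarks"',
    r'ts=2024-03-01T09:05:12Z host=ws01 process=powershell.exe action=read path="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Bookmarks"',
    r'ts=2024-03-01T09:06:00Z host=ws01 process=notepad.exe action=read path="C:\Users\alice\Documents\notes.txt"',
    r'ts=2024-03-01T09:07:30Z host=ws01 process=chrome.exe action=write path="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Bookmarks"',
    r'ts=2024-03-01T10:15:44Z host=mac02 process=firefox action=read path="/Users/bob/Library/Application Support/Firefox/Profiles/x1y2z3.default-release/places.sqlite"',
    r'ts=2024-03-01T10:16:02Z host=mac02 process=python3 action=read path="/Users/bob/Library/Application Support/Firefox/Profiles/x1y2z3.default-release/places.sqlite"',
]

if __name__ == "__main__":
    for alert in find_bookmark_discovery(SAMPLE_EVENTS):
        print(f"{alert.timestamp} {alert.host}: {alert.process} read {alert.path}")
```

Running the block against the constructed sample prints two alerts, for `powershell.exe` on `ws01` and `python3` on `mac02`. In practice the allowlist is the tuning point: backup agents, enterprise browser-sync tools and forensic collectors will legitimately read these files, and each should be added to `EXPECTED_READERS` (or, better, matched on a signed binary path rather than a bare process name) so the rule stays quiet for them while still catching ad hoc scripts and living-off-the-land tools.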

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/a9yQk5z3D4E/