The browser is becoming one of the most frequently used attack vectors for criminals, with browser attacks coming in many different forms: Magecart, Cryptocurrency Miners, Fingerprinters, Waterholing (including exploitation) encounters, and more. RiskIQ researchers encounter these browser-based attacks daily and note a variety of differences between them. However, they all have one thing in common: they start with injecting malicious scripts.
To highlight this new breed of attack, RiskIQ profiled and analyzed the six most common injection techniques we observe in our telemetry and what makes them fascinating pieces of threat infrastructure.
Download our infographic for an illustrated look at these injection techniques or the research report for the full breakdown of these six techniques
- Tacked on
- Supply Chain
- Executable Scope
- Function Inlining
- RFC Edge-case