Risk
11/29/2012
11:21 AM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

NSS Labs Reveals Browsers' Anti-Phishing Progress And Phishers' New Tactics

Examined four leading browsers -- Apple Safari, Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox

AUSTIN, TX--(Nov 28, 2012) - NSS Labs today released the latest results and analysis from its web browser security comparative series which evaluated the phishing protection offered by the four leading browsers -- Apple Safari, Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox. During the 10-day test period, the average phishing URL catch rate ranged from 90% for Firefox 15 to 94% for Chrome 21 -- a significant improvement from 2009 testing where the average block rate was 46%. The average time it took the tested browsers to block a phishing URL also improved to 4.87 hours versus 16.43 hours in 2009 tests.

These test results show that web browsers, an important first line of defense, have improved their ability to detect and block malicious phishing sites sufficiently promoted through fraudulent messages to be more quickly logged in reputation-based systems updating browsers' blocking features. As a result, attackers must create and rotate phishing URLs far more frequently in order for them to be effective. Browsers' reputation-based defenses, as a rule, offer less protection from more narrowly targeted phishing attacks, such as those aimed at government and financial services organizations and likely launched selectively in an effort to evade reputation system recognition.

View the NSS Labs 2012 Browser Security Comparative Analysis Report - Phishing Protection.

Key browser security test conclusions for phishing protection include:

The number of malicious, phishing-linked URLs is growing significantly: Phishing continues to be one of the top attack vectors used by cybercriminals to gain access to systems and sensitive data. While the number of reported phishing attacks peaked in 2009, the average number of phishing sites detected has been on the rise from under 40,000 per month in 2011 to over 50,000 per month in 2012. Seconds count in the war on phishing: The new challenge for web browsers is to quicken blocking response times. With phishing sites now rotating at a much faster pace, it is critical for browsers to identify and block sites more rapidly. The average uptime for sites linked to phishing attacks in 2012 is around 23 hours; down from a high of 73 hours in 2010. The zero-hour block rates for the browsers tested against brand new malicious URLs ranged from Chrome 21 at 53.2% to Safari 5 at 79.2%. Firefox 15 had the fastest average block time at 2.35 hours, while all other browsers ranged from 5.38 to 6.11 hours. While all the browsers blocked over 83% of the phishing URLs used in testing by end of day one; it took 3 - 5 days for each to reach its maximum block rate. Phishing protection is just one of many browser security factors to consider: While all browsers average above a 90% block rate for phishing, end-users and enterprises should also take protection against other threats -- such as malware and drive-by downloads -- into consideration when selecting a browser. Although Firefox and Safari performed well in phishing response times, separate NSS Labs testing shows they lag behind Internet Explorer and Chrome in blocking socially-engineered malware. In overall malware testing, Internet Explorer blocked over 99.1% of malicious downloads, while Chrome was a distant second blocking only 70.4%, followed by both Firefox and Safari blocking less than 6%. Results of all previous browser security tests performed by NSS Labs can be found online at www.nsslabs.com.

Commentary: NSS Labs Research Director Randy Abrams "Phishing has been a pernicious threat for several years and the variety of measures designed to mitigate the problem have yet to decrease the prevalence of such attacks. Recent advances in reputation-based blocking systems are reaching maturity and now afford consumers and enterprises significant protections against the less sophisticated attacks," said Randy Abrams, Research Director at NSS Labs. "Still, the availability of cheap and disposable domains allow criminals to rapidly change the location of phishing sites. The result is that even a site that is live for only a few hours can evade detection and ensnare enough unwary consumers to be a profitable criminal endeavor. Sophisticated spearphishing campaigns continue to be highly problematic to defend against. It is important that developers harden browsers to block not only phishing attacks, but also other threats, such as socially engineered malware and drive-by downloads as these remain popular and effective attack vectors for cybercriminals."

The products covered in this test were:

Apple Safari 5 Google Chrome 21 Microsoft Internet Explorer 10 Mozilla Firefox 15

About NSS Labs, Inc. NSS Labs, Inc. is the world's leading information security research and advisory company. We deliver a unique mix of test-based research and expert analysis to provide our clients with the information they need to make good security decisions. CIOs, CISOs, and information security professionals from many of the largest and most demanding enterprises rely on NSS Labs' insight, every day. Founded in 1991, the company is located in Austin, Texas. For more information, visit www.nsslabs.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web