Connect with us

Hi, what are you looking for?



Browsers Net More Phish, But Targeted Attacks Swim Through

Browser Phishing Tests

Security testing firm NSS Labs has released the latest results from its web browser security comparative series, which this time evaluated the effectiveness of phishing protection from the most popular Web browsers – Apple’s Safari, Google Chrome, Microsoft Internet Explorer, and Mozilla’s Firefox.

Browser Phishing Tests

Security testing firm NSS Labs has released the latest results from its web browser security comparative series, which this time evaluated the effectiveness of phishing protection from the most popular Web browsers – Apple’s Safari, Google Chrome, Microsoft Internet Explorer, and Mozilla’s Firefox.

During a 10-day test period, NSS Labs found that the average phishing URL catch rate ranged from 90% for Firefox 15 to 94% for Chrome 21. That number is a significant improvement from 2009 testing where the average block rate was 46%, NSS said. Additionally, the average time it took for tested web browsers to block a phishing URL improved to 4.87 hours versus 16.43 hours in tests done in 2009.

“These test results show that web browsers, an important first line of defense, have improved their ability to detect and block malicious phishing sites sufficiently promoted through fraudulent messages to be more quickly logged in reputation-based systems updating browsers’ blocking features,” NSS Labs said in a statement.

The zero-hour block rates for the browsers tested against brand new malicious URLs ranged from Chrome 21 at 53.2 percent to Safari 5 at 79.2 percent, NSS said. Firefox 15 had the fastest average block time at 2.35 hours, while all other browsers ranged from 5.38 to 6.11 hours.

However, NSS Labs warned that while browsers’ reputation-based defenses may be improving, targeted attacks still pose a significant threat.

“As a rule, [browser phishing defenses] offer less protection from more narrowly targeted phishing attacks, such as those aimed at government and financial services organizations and likely launched selectively in an effort to evade reputation system recognition,” the testing firm said.

Related: Incident Response – Are You Ready For a Phishing Attack?

Advertisement. Scroll to continue reading.

In a report (PDF) released today by Trend Micro, the firm revealed that 91 percent of targeted attacks involved spear phishing, based on its analysis of targeted attack data collected between February and September of this year. According Trend’s report, 94 percent of targeted emails use malicious file attachments as the payload or infection source. The remaining 6 six percent use other methods such as installing malware through malicious links that trigger malicious downloads.

Phishing AttacksThe most highly targeted industries are government and activist groups, Trend said. The reason? Trend believes it’s the extensive information about government agencies and officials easily found online that makes them visible targets.

“Sophisticated spear phishing campaigns continue to be highly problematic to defend against,” said Randy Abrams, Research Director at NSS Labs. “It is important that developers harden browsers to block not only phishing attacks, but also other threats, such as socially engineered malware and drive-by downloads as these remain popular and effective attack vectors for cybercriminals.”

Web browsers are not only getting better at blocking phishing attacks faster, but phishing sites themselves are seeing a decreased lifespan, according to recent report from the Anti-Phishing Working Group (APWG). According to the APWG’s Global Phishing Survey: Trends and Domain Name Use in 1H2012, the average uptime of phishing attacks dropped to a record low of 23 hours and 10 minutes in the first half of 2012. This number, the APWG says, is about half of what it was in late 2011.

With a decreased lifespan, attackers need to find ways to generate new phishing URLs faster. In order to do that, cybercriminals are increasingly using hacked web servers that host legitimate websites on reputable domains to host their phishing websites.

“Phishers seem to be concentrating their efforts on compromising legitimate websites using automated attack tools, or purchasing access to them on the burgeoning underground market,” Rod Rasmussen, SecurityWeek columnist and CTO of Internet Identity, said in a recent statement. “This allows them to leverage the good reputation of a website’s domain name, making it harder to block in either spam filters or via suspension, and makes takedown of that domain impractical.”

“The availability of cheap and disposable domains allow criminals to rapidly change the location of phishing sites. The result is that even a site that is live for only a few hours can evade detection and ensnare enough unwary consumers to be a profitable criminal endeavor,” NSS’ Abrams explained.

“While all browsers average above a 90% block rate for phishing, end-users and enterprises should also take protection against other threats — such as malware and drive-by downloads — into consideration when selecting a browser,” NSS warned.

In NSS’ tests, all the browsers blocked over 83% of the phishing URLs used in testing by end of day one, but it took 3 – 5 days for each to reach its maximum block rate.

Related: Why Phishing Works And How To Avoid Becoming a Victim

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...