Press

Ransomware, socially engineered malware, and phishing increasingly used by attackers.

AUSTIN, Texas – November 1, 2016 – NSS Labs, Inc., the world’s leading cyber security product research, testing, and advisory company, today announced the release of its latest Web Browser Security Comparative Test Reports. Two global tests were conducted measuring how effective browsers are at protecting against socially engineered malware (SEM) and phishing attacks. Cybercriminals are taking advantage of the implied trust relationships and user-contributed content inherent in social networking sites (Facebook®, Twitter®, LinkedIn®, etc.) which allow for anonymity and rapid publishing. The speed at which these threats are “rotated” to new locations poses a significant challenge to security vendors.

Socially engineered malware (SEM) remains one of the most common security threats facing Internet users today, claiming as much as one third of Internet users as victims. These attacks pose a significant risk to individuals and organizations by threatening to compromise, damage, or acquire sensitive personal and corporate information. Europeans and Americans have increasingly found themselves targets of ransomware over the last 12 months.

Phishing attacks pose a significant risk to individuals and organizations alike, by threatening to compromise or acquire sensitive personal and corporate information. In 2016, over 145,000 unique email phishing campaigns were reported each month, and 125,000 unique phishing websites were detected each month— the highest ever recorded. Phishing attacks are becoming more complex and sophisticated, making these attacks harder to detect and difficult to prevent.

Browsers tested:

  • Google Chrome: Version 53.0.2785
  • Microsoft Edge 38.14393.0.0
  • Mozilla Firefox: Version 48.0.2

This is the first time Microsoft Edge has been included in NSS Labs’ browser testing.

Testing was conducted during the months of September and October 2016, with 220,918 socially engineered malware results and 78,921 phishing results recorded. Reports provide insights into various browsers’ security effectiveness over time, the speed at which they added protection against new attacks, and their overall consistency.

Key findings:

  • Malware and phishing protection varied widely. Protection against socially engineered malware (SEM) ranged from 78.3% to 99% while phishing protection ranged from 81.4% to 91.4%.
  • Time to block matters. Testing found that the products that blocked URLs the fastest also blocked the most malware and phishing attacks overall. This is likely due to how quickly attackers are currently rotating URLs.