Cyber Vendors or Cyber-Criminals: Who’s Winning the Race for the Browser?

From the rollout of text-to-image generation tools like DALL-E to natural language processing platforms such as ChatGPT, which have impressed with their ability to write resumes, scientific papers and more, it has been a breakthrough 12 months for artificial intelligence (AI).

Many industries are already embracing these advances. Market research, copywriting, time management, coding and customer service are all purposes for which ChatGPT, and its rival platforms, are being leveraged by businesses. However, it’s not just corporations tapping into AI’s potential.

With the emergence of ever more useful tools, threat actors have also become empowered to find and develop increasingly sophisticated threat campaigns designed to exploit common vulnerabilities facing enterprises in 2023.

At Menlo Security, we have seen a major uptick in the use of highly evasive attacks targeting the browser, in part driven by this increasingly easy access to AI tools that even amateur attackers can use to create malware or viruses.

It’s an adjustment that adversaries have made in response to the changing working norms. Where many organizations have continued to embrace remote and flexible policies post-Covid, employees are enjoying the freedom of working wherever, whenever and however it best suits them – be it from the office, at home or on the go, both within and outside of the traditional 9 to 5. 

To facilitate this, enterprises have embraced cloud-based models – a dynamic in which the browser has become the central hub of operations. In fact, Google reports that the average employee spends as much as 75% of their working day using a web browser. 

As threat actors have adapted, cultivating an increasingly expansive and sophisticated arsenal of browser-based attack methods in response, 80% of breaches are now estimated to come through the browser.

Adapting Security Strategies

The spike in browser-focused cyber-attacks is, of course, a problem, and one that has prompted a range of policies aimed at resolving it.

Recently, it was reported that Google is running a pilot scheme to encourage selected staff members (around 2500) to work without access to the internet, the goal of which is to reduce the risk of attacks via the web. 

The logic is clear; working offline eliminates the potential for browser-based attacks. However, it is no coincidence that three-quarters of today’s work is done in the browser. It has become the key to accessing many of the tools and functionality we need to do our jobs. 

While such a scheme may work in isolated cases, it is likely to be unsustainable for many. If the web is where we spend our day, should we be using the right tools to protect it and educating employees about the risk rather than restricting them?

The primary challenge for many organizations is that they are continuing to rely on network security and endpoint products that are no longer fit for purpose. Indeed, many common tools still used in security stacks were built for workplaces that could be digitally walled off from malicious actors.

We now see an attack landscape in which malicious websites are being rolled out faster than URL filters can categorize them. Even more advanced solutions that leverage AI and machine learning require reputational evidence to detect malicious activity – evidence they rarely acquire until it is too late. 

The resulting dynamic has seen stagnant security strategies falling further and further behind modern threats. That needs to change.

Turning the Tide with AI Technology

But, just as attacks are becoming more sophisticated, so are the tools capable of combatting them. 

Progressive and proactive security teams will have already adopted best practices such as zero trust and supply chain risk management principles. However, these foundations must be built on by embracing innovative security solutions that support security teams in mitigating browser-based attacks.

Enter isolation technology.

Early iterations were centered around ensuring that any attachments received from outside an organization were first converted to a safe version to be viewed by the user while inspection engines determine whether they are safe or harmful. In this manner, isolation ensures that potentially malicious files never have an opportunity to reach the endpoint and therefore can’t execute.

Today, that technology has evolved to become an AI-powered phishing and ransomware protection tool designed to detect and block highly evasive attacks targeting the web browser. 

AI-based techniques are used to accurately determine in real time if a link a user attempts to access is a phishing site designed to steal the user’s credentials. Further, the technology performs a continual web traffic analysis, applying AI/ML-powered classifiers that identify the presence of highly evasive attacks.

Commonly deployed security infrastructure, such as secure web gateways, firewalls, and EDR solutions, is blind to actions occurring inside the browser. As a result, we need tailored tools capable of effectively combatting highly evasive attacks targeting the web browser.

Only with these can organizations turn the tide in the race for the browser. 
