AI Is The Next Big Thing For Browser Security

Uploaded on 2023-08-24 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

Welcome to the new world of cyber crime. It's a lot like the old one, but with a new, threatening capability: it's automated. The rise of AI is creating a whole new class of automated attacks that threaten your network, your employees, and your data. It's time to prepare now, so you can stay ahead of the threat.

Over the past few years, the browser has become a pivotal point for cyber attacks. Threat actors are like burglars; they go for the easiest point of entry. With enterprise users now accessing most of their computing services via browser tools like Edge, Chrome, and Firefox, the browser is a pivotal tool.

The Browser: Ground Zero For Cyber Attacks

This is why so many attacks tend to target browsers. The 2023 Verizon Breach Data Report shows web applications as the top action vector for attack, often through the use of stolen credentials. Email - often accessed via a browser - is the second. Between them, the browser and email account for over 80% of actions leading to security breaches or incidents.

One of the browser's biggest problems is its lack of visibility. While security teams can monitor web traffic entering and leaving their networks, the inside of a browser application is like a closed book - and yet that's where the attack typically plays out.

These browser-based attacks are getting worse as threat actors use more adaptive techniques designed to evade traditional detection systems like firewalls and anti-virus software. At Menlo Security, we call these highly evasive adaptive threat (HEAT) techniques, and they are becoming a scourge in the modern enterprise.

These attacks slice through legacy firewalls and filters like cheese wire. Here are some of the ways that they subvert traditional security to put your company in danger:

Serving attacks from legitimate domains: Your existing web content filter probably checks URLs against a list of known malicious domains. That's great - but what happens when an attacker uses GitHub Pages or Microsoft 365 to serve a phishing site? These are legitimate domains that scanners cannot block.

Smuggling malware under the radar: One of the most pernicious browser-based threats is HTML smuggling. This dodges file scanners by using JavaScript to build files with malicious capabilities directly in the browser.

Bypassing email security: One way that attackers prevent detection by email scanners is to avoid using that channel altogether. Instead of trying to sneak malicious links or files to victims in email messages, they'll use social media systems, including business-focused ones, to message users and deliver attacks via the browser.

Password protecting files: File scanners often allow browsers to download password-protected files by default so that they don't disrupt legitimate business use. Attackers exploit this to deliver malicious content inside a file that detonates when a user enters the password.

AI Automates Attacks

These attacks were bad enough before AI became more capable, and more readily accessible. Now, rapidly evolving AI is putting everyone at risk as black hats harness it for nefarious purposes. FBI agents have openly warned about the threat from AI-based cyber attacks. Criminals are using generative AI to scale up phishing attacks and even to generate disruptive strains of malware, officials have said.

Attackers have worked out attacks that jailbreak legitimate systems like ChatGPT, forcing them to write harmful messages such as phishing emails and even to produce malicious code.

Because some of these large language models are open source, criminal entrepreneurs have already produced 'dark' versions specifically designed to help scammers and malware producers deliver their attacks. First, there was WormGPT, but attackers innovate quickly. Others, such as Evil-GPT are already pushing the envelope. These systems lower the barrier to entry for attackers, especially scammers who are not native speakers. As more attackers begin taking advantage of them, we can expect attack volumes to rise.

That makes it more important than ever to understand what's happening inside the browser so that we can neutralize these attacks automatically.

The industry can accomplish this by using fire to fight fire. AI might empower attackers, but it can work for defenders too. Machine learning-based systems rely on large volumes of data to find patterns that human operators couldn't hope to spot manually. Browsers and web traffic alike provide a flood of data that can fuel AI-based analysis.

AI-based defence systems can use computer vision to 'see' images that scammers insert in emails or web pages to fool scanners. They can apply sophisticated URL risk scoring mechanisms, combining them with an analysis of web page elements. When passed through constantly updated machine learning models, this data can determine the intent of a website in real time while detecting HEAT attacks.

As AI enhances attackers' ability to target organisations, machine learning capabilities in security products will become mandatory so that defenders can keep up. By preparing your infrastructure with AI capabilities now, you'll be able to see sophisticated, automated attacks before they happen rather than dealing with their fallout after the fact.

Brett Raybould is EMEA Solutions Architect at Menlo Security Image: geralt

You Might Also Read:

Malvertising Proliferates As Half Of Online Ads Are Now AI Generated:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.