AI Is The Next Big Thing For Browser Security  

Welcome to the new world of cyber crime. It's a lot like the old one, but with a new, threatening capability: it's automated. The rise of AI is creating a whole new class of automated attacks that threaten your network, your employees, and your data. It's time to prepare now, so you can stay ahead of the threat.  

Over the past few years, the browser has become a pivotal point for cyber attacks. Threat actors are like burglars; they go for the easiest point of entry. With enterprise users now accessing most of their computing services via browser tools like Edge, Chrome, and Firefox, the browser is a pivotal tool.  

The Browser: Ground Zero For Cyber Attacks  

This is why so many attacks tend to target browsers. The 2023 Verizon Breach Data Report shows web applications as the top action vector for attack, often through the use of stolen credentials. Email - often accessed via a browser - is the second. Between them, the browser and email account for over 80% of actions leading to security breaches or incidents.  

One of the browser's biggest problems is its lack of visibility. While security teams can monitor web traffic entering and leaving their networks, the inside of a browser application is like a closed book - and yet that's where the attack typically plays out.  

These browser-based attacks are getting worse as threat actors use more adaptive techniques designed to evade traditional detection systems like firewalls and anti-virus software. At Menlo Security, we call these highly evasive adaptive threat (HEAT) techniques, and they are becoming a scourge in the modern enterprise.  

These attacks slice through legacy firewalls and filters like cheese wire. Here are some of the ways that they subvert traditional security to put your company in danger:  

Serving attacks from legitimate domains:   Your existing web content filter probably checks URLs against a list of known malicious domains. That's great - but what happens when an attacker uses GitHub Pages or Microsoft 365 to serve a phishing site? These are legitimate domains that scanners cannot block.  

Smuggling malware under the radar:   One of the most pernicious browser-based threats is HTML smuggling. This dodges file scanners by using JavaScript to build files with malicious capabilities directly in the browser.  

Bypassing email security:   One way that attackers prevent detection by email scanners is to avoid using that channel altogether. Instead of trying to sneak malicious links or files to victims in email messages, they'll use social media systems, including business-focused ones, to message users and deliver attacks via the browser.  

Password protecting files:   File scanners often allow browsers to download password-protected files by default so that they don't disrupt legitimate business use. Attackers exploit this to deliver malicious content inside a file that detonates when a user enters the password.  

AI Automates Attacks  

These attacks were bad enough before AI became more capable, and more readily accessible. Now, rapidly evolving AI is putting everyone at risk as black hats harness it for nefarious purposes. FBI agents have openly warned about the threat from AI-based cyber attacks. Criminals are using generative AI to scale up phishing attacks and even to generate disruptive strains of malware, officials have said.  

Attackers have worked out attacks that jailbreak legitimate systems like ChatGPT, forcing them to write harmful messages such as phishing emails and even to produce malicious code.

Because some of these large language models are open source, criminal entrepreneurs have already produced 'dark' versions specifically designed to help scammers and malware producers deliver their attacks. First, there was WormGPT, but attackers innovate quickly. Others, such as Evil-GPT are already pushing the envelope. These systems lower the barrier to entry for attackers, especially scammers who are not native speakers. As more attackers begin taking advantage of them, we can expect attack volumes to rise.

That makes it more important than ever to understand what's happening inside the browser so that we can neutralize these attacks automatically.  

The industry can accomplish this by using fire to fight fire. AI might empower attackers, but it can work for defenders too. Machine learning-based systems rely on large volumes of data to find patterns that human operators couldn't hope to spot manually. Browsers and web traffic alike provide a flood of data that can fuel AI-based analysis.  

AI-based defence systems can use computer vision to 'see' images that scammers insert in emails or web pages to fool scanners. They can apply sophisticated URL risk scoring mechanisms, combining them with an analysis of web page elements. When passed through constantly updated machine learning models, this data can determine the intent of a website in real time while detecting HEAT attacks.  

As AI enhances attackers' ability to target organisations, machine learning capabilities in security products will become mandatory so that defenders can keep up. By preparing your infrastructure with AI capabilities now, you'll be able to see sophisticated, automated attacks before they happen rather than dealing with their fallout after the fact.  

Brett Raybould is  EMEA Solutions Architect at Menlo Security                                Image: geralt

You Might Also Read: 

Malvertising Proliferates As Half Of Online Ads Are Now AI Generated:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Identifying & Analysing Emerging Cloud Threats
British Police On High Alert After Supply Chain Breach »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Certification Europe

Certification Europe

Certification Europe (now Amtivo Ireland) is an accredited certification body which provides ISO management system certification, including ISO 27001.

LogicManager

LogicManager

LogicManager offer a complete set of IT governance, risk and compliance software solutions and advisory services.

ASU Online - Information Technology Program

ASU Online - Information Technology Program

The Information Technology program at ASU Online provides you with the expertise to design, select, implement and administer computer-based information solutions.

Telspace Systems

Telspace Systems

Telspace Systems provides penetration testing, vulnerability assessment and training services.

Hexnode MDM

Hexnode MDM

Hexnode MDM is an award winning Enterprise Mobility Management vendor which helps businesses to secure and manage BYOD, COPE, apps and content.

Seconize

Seconize

Seconize empowers enterprises to proactively manage their cyber risks, prioritize remediations, optimize security spending and ensure compliance.

DestructData

DestructData

DestructData is a leading independent provider of End of Life data destruction/security solutions.

Fortalice

Fortalice

Fortalice provide customizable consulting services built on proven methodology to strengthen your business cyber security defenses.

Blockchain R&D Hub

Blockchain R&D Hub

Blockchain R&D Hub's mission is to serve the needs of blockchain ecosystem as the center of excellence for technology research and development.

Electric Power Research Institute (EPRI)

Electric Power Research Institute (EPRI)

The Electric Power Research Institute’s Cyber Security Research Laboratory (CSRL) addresses the security issues of critical functions of electric utilities.

1Touch.io

1Touch.io

1touch.io Inventa is an AI-based, sustainable data discovery and classification platform that provides automated, near real-time discovery, mapping, and cataloging of all sensitive data.

AB Handshake

AB Handshake

AB Handshake offers a game-changing solution for telecom service providers that eliminates fraud on inbound and outbound voice traffic.

Probity

Probity

Probity Inc. is a certified software development and systems engineering company, providing support to federal government and national defense related clients.

Securin

Securin

Securin offers a comprehensive portfolio of solutions including Attack Surface Management, Vulnerability Intelligence, Penetration Testing, and Vulnerability Management.

Scalarr

Scalarr

Scalarr is an innovative, next-generation cyber security firm focused on automation and AI to detect and prevent threats in mobile and Edge/IoT infrastructures.

Verosint

Verosint

Verosint (formerly 443ID) provides real-time account fraud prevention that reveals fraudsters hiding in user accounts and proactively blocks them before their attacks can cause harm.