AI Is The Next Big Thing For Browser Security  

Welcome to the new world of cyber crime. It's a lot like the old one, but with a new, threatening capability: it's automated. The rise of AI is creating a whole new class of automated attacks that threaten your network, your employees, and your data. It's time to prepare now, so you can stay ahead of the threat.  

Over the past few years, the browser has become a pivotal point for cyber attacks. Threat actors are like burglars; they go for the easiest point of entry. With enterprise users now accessing most of their computing services via browser tools like Edge, Chrome, and Firefox, the browser is a pivotal tool.  

The Browser: Ground Zero For Cyber Attacks  

This is why so many attacks tend to target browsers. The 2023 Verizon Breach Data Report shows web applications as the top action vector for attack, often through the use of stolen credentials. Email - often accessed via a browser - is the second. Between them, the browser and email account for over 80% of actions leading to security breaches or incidents.  

One of the browser's biggest problems is its lack of visibility. While security teams can monitor web traffic entering and leaving their networks, the inside of a browser application is like a closed book - and yet that's where the attack typically plays out.  

These browser-based attacks are getting worse as threat actors use more adaptive techniques designed to evade traditional detection systems like firewalls and anti-virus software. At Menlo Security, we call these highly evasive adaptive threat (HEAT) techniques, and they are becoming a scourge in the modern enterprise.  

These attacks slice through legacy firewalls and filters like cheese wire. Here are some of the ways that they subvert traditional security to put your company in danger:  

Serving attacks from legitimate domains:   Your existing web content filter probably checks URLs against a list of known malicious domains. That's great - but what happens when an attacker uses GitHub Pages or Microsoft 365 to serve a phishing site? These are legitimate domains that scanners cannot block.  

Smuggling malware under the radar:   One of the most pernicious browser-based threats is HTML smuggling. This dodges file scanners by using JavaScript to build files with malicious capabilities directly in the browser.  

Bypassing email security:   One way that attackers prevent detection by email scanners is to avoid using that channel altogether. Instead of trying to sneak malicious links or files to victims in email messages, they'll use social media systems, including business-focused ones, to message users and deliver attacks via the browser.  

Password protecting files:   File scanners often allow browsers to download password-protected files by default so that they don't disrupt legitimate business use. Attackers exploit this to deliver malicious content inside a file that detonates when a user enters the password.  

AI Automates Attacks  

These attacks were bad enough before AI became more capable, and more readily accessible. Now, rapidly evolving AI is putting everyone at risk as black hats harness it for nefarious purposes. FBI agents have openly warned about the threat from AI-based cyber attacks. Criminals are using generative AI to scale up phishing attacks and even to generate disruptive strains of malware, officials have said.  

Attackers have worked out attacks that jailbreak legitimate systems like ChatGPT, forcing them to write harmful messages such as phishing emails and even to produce malicious code.

Because some of these large language models are open source, criminal entrepreneurs have already produced 'dark' versions specifically designed to help scammers and malware producers deliver their attacks. First, there was WormGPT, but attackers innovate quickly. Others, such as Evil-GPT are already pushing the envelope. These systems lower the barrier to entry for attackers, especially scammers who are not native speakers. As more attackers begin taking advantage of them, we can expect attack volumes to rise.

That makes it more important than ever to understand what's happening inside the browser so that we can neutralize these attacks automatically.  

The industry can accomplish this by using fire to fight fire. AI might empower attackers, but it can work for defenders too. Machine learning-based systems rely on large volumes of data to find patterns that human operators couldn't hope to spot manually. Browsers and web traffic alike provide a flood of data that can fuel AI-based analysis.  

AI-based defence systems can use computer vision to 'see' images that scammers insert in emails or web pages to fool scanners. They can apply sophisticated URL risk scoring mechanisms, combining them with an analysis of web page elements. When passed through constantly updated machine learning models, this data can determine the intent of a website in real time while detecting HEAT attacks.  

As AI enhances attackers' ability to target organisations, machine learning capabilities in security products will become mandatory so that defenders can keep up. By preparing your infrastructure with AI capabilities now, you'll be able to see sophisticated, automated attacks before they happen rather than dealing with their fallout after the fact.  

Brett Raybould is  EMEA Solutions Architect at Menlo Security                                Image: geralt

You Might Also Read: 

Malvertising Proliferates As Half Of Online Ads Are Now AI Generated:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Identifying & Analysing Emerging Cloud Threats
British Police On High Alert After Supply Chain Breach »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Allegro Software

Allegro Software

Allegro provide secure software for the Internet of Things.

CYBERSEC Forum

CYBERSEC Forum

CYBERSEC Forum is an annual European Public Policy Conference dedicated to strategic aspects of cybersecurity.

Crypto4A Technologies

Crypto4A Technologies

Crypto4A quantum-ready cybersecurity solutions significantly improve protection for Cloud, loT, Blockchain, V2X, government and military application deployments.

Turkish Accreditation Agency (TURKAK)

Turkish Accreditation Agency (TURKAK)

TURKAK is the national accreditation body for Turkey. The directory of members provides details of organisations offering certification services for ISO 27001.

PreEmptive Solutions

PreEmptive Solutions

PreEmptive Protection hit the sweet spot between cost, convenience and functionality by helping you protect and secure your apps in a smarter way.

OwnZap Infosec

OwnZap Infosec

OwnZap Infosec aims to digitally shield the cyberspace by offering services like Penetration Testing and Red Teaming, Infrastructure Security Testing, and Vulnerability Assessments.

ThreatX

ThreatX

ThreatX provides complete web application & API protection to address expanding app footprints and complex attacks.

Conference on Applied Machine Learning in Information Security (CAMLIS)

Conference on Applied Machine Learning in Information Security (CAMLIS)

CAMLIS is a venue for discussing applied research on machine learning, deep learning and data science in information security.

Anametric

Anametric

Anametric is developing new technologies and devices for chip scale quantum photonics, with a focus on cybersecurity.

Gen Digital

Gen Digital

At Gen™, our mission is to create technology solutions for people to take full advantage of the digital world, safely, privately, and confidently – so together, we can build a better tomorrow.

Questex Asia Total Security Conference

Questex Asia Total Security Conference

Questex Asia’s Total Security Conferences is one of the industry’s most prestigious and engaging forums for the region's top information security leaders and business decision-makers.

ShellBoxes

ShellBoxes

ShellBoxes are a leading Web3 company focused on providing top-notch blockchain security and development services.

ITQ Latam

ITQ Latam

ITQ Latam are specialists in cybersecurity, in a convergent ecosystem of technological solutions in infrastructure, cloud and security networks.

Protos Labs

Protos Labs

Protos Labs enables insurers & enterprises to make better cyber risk decisions through holistic, real-time risk management tools.

SECQAI

SECQAI

At SECQAI we create dual-use hardware and software to enable the future of computing.

Universal Technical Resource Services (UTRS)

Universal Technical Resource Services (UTRS)

UTRS is a technology firm that delivers a wide range of engineering, technical, strategic, and digital services to the public and private sectors.