AI Is The Next Big Thing For Browser Security  

Uploaded on 2023-08-24 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

Welcome to the new world of cyber crime. It's a lot like the old one, but with a new, threatening capability: it's automated. The rise of AI is creating a whole new class of automated attacks that threaten your network, your employees, and your data. It's time to prepare now, so you can stay ahead of the threat.  

Over the past few years, the browser has become a pivotal point for cyber attacks. Threat actors are like burglars; they go for the easiest point of entry. With enterprise users now accessing most of their computing services via browser tools like Edge, Chrome, and Firefox, the browser is a pivotal tool.  

The Browser: Ground Zero For Cyber Attacks  

This is why so many attacks tend to target browsers. The 2023 Verizon Breach Data Report shows web applications as the top action vector for attack, often through the use of stolen credentials. Email - often accessed via a browser - is the second. Between them, the browser and email account for over 80% of actions leading to security breaches or incidents.  

One of the browser's biggest problems is its lack of visibility. While security teams can monitor web traffic entering and leaving their networks, the inside of a browser application is like a closed book - and yet that's where the attack typically plays out.  

These browser-based attacks are getting worse as threat actors use more adaptive techniques designed to evade traditional detection systems like firewalls and anti-virus software. At Menlo Security, we call these highly evasive adaptive threat (HEAT) techniques, and they are becoming a scourge in the modern enterprise.  

These attacks slice through legacy firewalls and filters like cheese wire. Here are some of the ways that they subvert traditional security to put your company in danger:  

Serving attacks from legitimate domains:   Your existing web content filter probably checks URLs against a list of known malicious domains. That's great - but what happens when an attacker uses GitHub Pages or Microsoft 365 to serve a phishing site? These are legitimate domains that scanners cannot block.  

Smuggling malware under the radar:   One of the most pernicious browser-based threats is HTML smuggling. This dodges file scanners by using JavaScript to build files with malicious capabilities directly in the browser.  

Bypassing email security:   One way that attackers prevent detection by email scanners is to avoid using that channel altogether. Instead of trying to sneak malicious links or files to victims in email messages, they'll use social media systems, including business-focused ones, to message users and deliver attacks via the browser.  

Password protecting files:   File scanners often allow browsers to download password-protected files by default so that they don't disrupt legitimate business use. Attackers exploit this to deliver malicious content inside a file that detonates when a user enters the password.  

AI Automates Attacks  

These attacks were bad enough before AI became more capable, and more readily accessible. Now, rapidly evolving AI is putting everyone at risk as black hats harness it for nefarious purposes. FBI agents have openly warned about the threat from AI-based cyber attacks. Criminals are using generative AI to scale up phishing attacks and even to generate disruptive strains of malware, officials have said.  

Attackers have worked out attacks that jailbreak legitimate systems like ChatGPT, forcing them to write harmful messages such as phishing emails and even to produce malicious code.

Because some of these large language models are open source, criminal entrepreneurs have already produced 'dark' versions specifically designed to help scammers and malware producers deliver their attacks. First, there was WormGPT, but attackers innovate quickly. Others, such as Evil-GPT are already pushing the envelope. These systems lower the barrier to entry for attackers, especially scammers who are not native speakers. As more attackers begin taking advantage of them, we can expect attack volumes to rise.

That makes it more important than ever to understand what's happening inside the browser so that we can neutralize these attacks automatically.  

The industry can accomplish this by using fire to fight fire. AI might empower attackers, but it can work for defenders too. Machine learning-based systems rely on large volumes of data to find patterns that human operators couldn't hope to spot manually. Browsers and web traffic alike provide a flood of data that can fuel AI-based analysis.  

AI-based defence systems can use computer vision to 'see' images that scammers insert in emails or web pages to fool scanners. They can apply sophisticated URL risk scoring mechanisms, combining them with an analysis of web page elements. When passed through constantly updated machine learning models, this data can determine the intent of a website in real time while detecting HEAT attacks.  

As AI enhances attackers' ability to target organisations, machine learning capabilities in security products will become mandatory so that defenders can keep up. By preparing your infrastructure with AI capabilities now, you'll be able to see sophisticated, automated attacks before they happen rather than dealing with their fallout after the fact.  

Brett Raybould is  EMEA Solutions Architect at Menlo Security                                Image: geralt

You Might Also Read: 

Malvertising Proliferates As Half Of Online Ads Are Now AI Generated:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Identifying & Analysing Emerging Cloud Threats
British Police On High Alert After Supply Chain Breach »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CIRCL

CIRCL

CIRCL is the national Computer Incident Response Center of Luxembourg

Cyber Security Recruiters

Cyber Security Recruiters

Cyber Security Recruiters is a niche recruiting firm who finds impact players for our clients in the Information Security Space.

Jumpsec

Jumpsec

Jumpsec provides penetration testing, security assessments, social engineering testing, cyber incident response, training and consultancy services.

Ilex International

Ilex International

Ilex International is a European software vendor which specialises in Identity & Access Management solutions.

Caretower

Caretower

Caretower is one of Europe’s leading value added managed service provider in cyber security.

Ergon Informatik

Ergon Informatik

Ergon Informatik AG is Switzerland's leading provider of customised software solutions and software products including fraud detection and the Airlock web security suite.

SlowMist

SlowMist

SlowMist is a blockchain ecosystem security company providing cybersecurity audits and protection for leading digital asset exchanges, crypto wallets, public chains, and smart contracts.

AUREA Technology

AUREA Technology

The photon counter SPD_OEM_NIR from AUREA Technology is designed for quantum key distribution at telecom wavelengths.

Red River

Red River

Red River is a technology transformation company, bringing 25 years of experience and mission-critical expertise in analytics, cloud, collaboration, mobility, networking and security solutions.

BlueHalo

BlueHalo

BlueHalo is purpose-built to provide industry capabilities in the domains of Space Superiority and Directed Energy, Missile Defense and C4ISR, and Cyber and Intelligence.

MedSec

MedSec

MedSec is the only company of its type focused solely on cybersecurity for hospitals and medical device manufacturers, offering both a cybersecurity software solution and consulting services.

BSS

BSS

BSS is a solutions and services business based in the UK with a focus on Cyber Security, Data, Financial Crime, Internal Audit, Change, Risk and Resilience.

Daisy Corporate Services

Daisy Corporate Services

Daisy is one of the largest providers of communications and IT solutions across the UK, with a portfolio spanning unified communications, cloud, cyber security and resilience.

S2W

S2W

S2W is a data intelligence company specialized in cyber threat intelligence, brand/digital abuse, and blockchain.

Anch.AI

Anch.AI

Anch.AI is an Ethical AI Governance platform that helps you comply with EU regulations and avoid risks and penalties when developing and using AI as part of your business.

Issue53

Issue53

We empower organizations to thrive in the digital landscape. Strengthen your defenses, enhance resilience – Choose Issue53 for a secure and future-ready IT environment.