Page 59 - Cyber Defense eMagazine September 2023
How threat actors are rendering legacy solutions useless
With web browser threats growing in both frequency and sophistication, it is critical that companies
embrace the technologies available to help them in the fight. However, this is where many are lacking
right now.
Lagging security vendors are continuing to focus on fighting yesterday’s war, attempting to shoehorn
network security and endpoint tools into keeping users safe – a tactic that simply is not working. By leveraging
the web browser as the attack vector, threat actors are effectively rendering a decade or so of security
technology investments redundant.
Secure web gateways, firewalls, endpoint security and EDR solutions are all unable to observe, and
therefore to respond to, actions occurring within the browser.
Take HTML smuggling for example – a commonly used evasive technique that sees a malicious file
dynamically constructed within the browser. It’s specifically designed to ensure that no resource requests
for a remote file can be inspected, leaving content engines unable to identify any risk, and attackers able
to bypass legacy network security perimeter controls.
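Because the pattern described above leaves no remote file request for a gateway to inspect, triage has to look at the script text itself. The following JavaScript (Node.js) is an added example, not code from the article or from any vendor it mentions; it flags script that builds a file in memory and saves it by script. The indicator names, the magic-byte list, the 64-character literal threshold and both sample pages are constructed assumptions.

```javascript
// Added example (not from the article): static triage of script text for the
// HTML smuggling pattern. Indicator names and the 64-char threshold are assumptions.
const INDICATORS = {
  blobConstructed: /new\s+Blob\s*\(/,
  objectUrl: /URL\.createObjectURL\s*\(/,
  downloadAttrSet: /\.download\s*=|setAttribute\s*\(\s*["']download["']/,
  scriptedClick: /\.click\s*\(\s*\)/,
  inlineDecode: /\batob\s*\(|String\.fromCharCode\s*\(/,
};
// Leading bytes (hex) of file types a gateway would normally inspect or block.
const MAGIC = { "4d5a": "PE executable", "504b0304": "ZIP/Office archive", "d0cf11e0": "OLE compound file" };

// Decode only the head of each long base64 literal and compare it with MAGIC.
function embeddedFileTypes(source) {
  const found = new Set();
  for (const m of source.matchAll(/["'`]([A-Za-z0-9+\/]{64,}={0,2})["'`]/g)) {
    const head = Buffer.from(m[1].slice(0, 16), "base64").toString("hex");
    for (const [hex, type] of Object.entries(MAGIC)) if (head.startsWith(hex)) found.add(type);
  }
  return [...found];
}

function triage(source) {
  const hits = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(source));
  // Core pattern: the file is assembled in memory and saved by script, so no
  // request for a remote file ever crosses the proxy.
  const builtLocally = hits.includes("blobConstructed") && hits.includes("objectUrl");
  const autoSaved = hits.includes("downloadAttrSet") || hits.includes("scriptedClick");
  const fileTypes = embeddedFileTypes(source);
  const verdict = !(builtLocally && autoSaved) ? "clean" : fileTypes.length ? "high" : "suspicious";
  return { verdict, hits, fileTypes };
}

// Constructed samples: a zero-padded ZIP header stands in for the embedded file.
const SMUGGLED = `<script>
  const raw = atob("${"UEsDBAAA" + "A".repeat(56)}");
  const a = document.createElement("a");
  a.href = URL.createObjectURL(new Blob([raw]));
  a.download = "sample.zip"; a.click();
</script>`;
const ORDINARY = `<a href="/files/report.pdf" download>Report</a>
<script>document.querySelector("#menu").click();</script>`;

console.log(triage(SMUGGLED), triage(ORDINARY));
```

Obfuscated loaders will not match these literal patterns, so a check like this belongs where the script text is available after rendering, such as inside the browser or a sandbox.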
Similar issues are also encountered with ‘Good2Bad’ websites, where hackers briefly hijack benign
websites for malicious purposes before they are flagged as being ‘bad’ by web categorisation engines.
Legacy tools also struggle to respond to threat actors’ use of browser exploits such as phishing
kits, crypto-mining code, and JavaScript that impersonates known brand logos as a means of evading
detection by static signatures that examine web page source code and HTTP traffic.
Bucking the trend with innovative technologies
Those traditional tools that many firms continue to rely upon simply are not equipped to combat the new
cohort of advanced browser-based threats – and threat actors know this, increasing their attack efforts
by the day.
It’s a trend we’ve seen consistently evolving over time. Between 2019 and 2021, Menlo Labs tracked a
958% increase in the use of Good2Bad sites. More recently, a 2022 survey of 505 IT decision makers
across the US and UK revealed that more than half (55%) of enterprises encounter advanced web threats
at least once a month, with almost two-thirds (62%) having had a device compromised by a browser-
based attack in the previous 12 months alone.
To be frank, this is somewhat unsurprising given that the very same survey highlighted that 45% of
organisations also hadn’t added any capabilities to their security stacks over the same period.
Moving forward through 2023 and beyond, this needs to change. Organisations cannot afford to stand
still. Just as threat techniques have evolved, so too have the technologies and tools available to combat
them – and they must be embraced.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.