AI Is The Next Big Thing For Browser Security  

Welcome to the new world of cyber crime. It's a lot like the old one, but with a new, threatening capability: it's automated. The rise of AI is creating a whole new class of automated attacks that threaten your network, your employees, and your data. It's time to prepare now, so you can stay ahead of the threat.  

Over the past few years, the browser has become a pivotal point for cyber attacks. Threat actors are like burglars; they go for the easiest point of entry. With enterprise users now accessing most of their computing services via browser tools like Edge, Chrome, and Firefox, the browser is a pivotal tool.  

The Browser: Ground Zero For Cyber Attacks  

This is why so many attacks tend to target browsers. The 2023 Verizon Breach Data Report shows web applications as the top action vector for attack, often through the use of stolen credentials. Email - often accessed via a browser - is the second. Between them, the browser and email account for over 80% of actions leading to security breaches or incidents.  

One of the browser's biggest problems is its lack of visibility. While security teams can monitor web traffic entering and leaving their networks, the inside of a browser application is like a closed book - and yet that's where the attack typically plays out.  

These browser-based attacks are getting worse as threat actors use more adaptive techniques designed to evade traditional detection systems like firewalls and anti-virus software. At Menlo Security, we call these highly evasive adaptive threat (HEAT) techniques, and they are becoming a scourge in the modern enterprise.  

These attacks slice through legacy firewalls and filters like cheese wire. Here are some of the ways that they subvert traditional security to put your company in danger:  

Serving attacks from legitimate domains:   Your existing web content filter probably checks URLs against a list of known malicious domains. That's great - but what happens when an attacker uses GitHub Pages or Microsoft 365 to serve a phishing site? These are legitimate domains that scanners cannot block.  

Smuggling malware under the radar:   One of the most pernicious browser-based threats is HTML smuggling. This dodges file scanners by using JavaScript to build files with malicious capabilities directly in the browser.  

Bypassing email security:   One way that attackers prevent detection by email scanners is to avoid using that channel altogether. Instead of trying to sneak malicious links or files to victims in email messages, they'll use social media systems, including business-focused ones, to message users and deliver attacks via the browser.  

Password protecting files:   File scanners often allow browsers to download password-protected files by default so that they don't disrupt legitimate business use. Attackers exploit this to deliver malicious content inside a file that detonates when a user enters the password.  

AI Automates Attacks  

These attacks were bad enough before AI became more capable, and more readily accessible. Now, rapidly evolving AI is putting everyone at risk as black hats harness it for nefarious purposes. FBI agents have openly warned about the threat from AI-based cyber attacks. Criminals are using generative AI to scale up phishing attacks and even to generate disruptive strains of malware, officials have said.  

Attackers have worked out attacks that jailbreak legitimate systems like ChatGPT, forcing them to write harmful messages such as phishing emails and even to produce malicious code.

Because some of these large language models are open source, criminal entrepreneurs have already produced 'dark' versions specifically designed to help scammers and malware producers deliver their attacks. First, there was WormGPT, but attackers innovate quickly. Others, such as Evil-GPT are already pushing the envelope. These systems lower the barrier to entry for attackers, especially scammers who are not native speakers. As more attackers begin taking advantage of them, we can expect attack volumes to rise.

That makes it more important than ever to understand what's happening inside the browser so that we can neutralize these attacks automatically.  

The industry can accomplish this by using fire to fight fire. AI might empower attackers, but it can work for defenders too. Machine learning-based systems rely on large volumes of data to find patterns that human operators couldn't hope to spot manually. Browsers and web traffic alike provide a flood of data that can fuel AI-based analysis.  

AI-based defence systems can use computer vision to 'see' images that scammers insert in emails or web pages to fool scanners. They can apply sophisticated URL risk scoring mechanisms, combining them with an analysis of web page elements. When passed through constantly updated machine learning models, this data can determine the intent of a website in real time while detecting HEAT attacks.  

As AI enhances attackers' ability to target organisations, machine learning capabilities in security products will become mandatory so that defenders can keep up. By preparing your infrastructure with AI capabilities now, you'll be able to see sophisticated, automated attacks before they happen rather than dealing with their fallout after the fact.  

Brett Raybould is  EMEA Solutions Architect at Menlo Security                                Image: geralt

You Might Also Read: 

Malvertising Proliferates As Half Of Online Ads Are Now AI Generated:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Identifying & Analysing Emerging Cloud Threats
British Police On High Alert After Supply Chain Breach »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Link11 GmbH

Link11 GmbH

Link11 provides DDoS protection solutions to protect websites and complete server infrastructures from DDoS attacks.

Korea Internet & Security Agency (KISA)

Korea Internet & Security Agency (KISA)

KISA is committed to improving the competitiveness, reliability and security of Internet information and knowledge in Korea.

Picasso

Picasso

The Picasso project is focused on ICT Policy, Research and Innovation for a Smart Society: towards new avenues in EU-US ICT collaboration.

CalCom

CalCom

CalCom Hardening Solution (CHS) for Microsoft OMS is a security baseline-hardening solution designed to address the needs of IT operations and security teams.

TEISS

TEISS

Teiss.co.uk is a website dedicated to providing information about cyber security. TEISS also provide a series of conferences and events focused on cyber security.

SecuDrive

SecuDrive

SecuDrive, provides hardware encrypted external storage devices to protect a company’s sensitive and important data.

Sonda

Sonda

SONDA is the leading systems integrator and IT service provider in Latin America.

infySEC

infySEC

InfySEC is an information security services organization offering Security Technology services, Security Consulting, Security Training, Research & Development.

Sternum

Sternum

Sternum provides reliable and effective endpoint security for any IoT device, using robust technology and seamless integration.

Information System Authority (RIA) - Estonia

Information System Authority (RIA) - Estonia

RIA ensures the interoperability of the state’s information system, organises activities related to information security, and handles security incidents in Estonian computer networks.

StepStone

StepStone

StepStone is one of the leading online job platforms in Germany, and other countries, covering all industry sectors including IT and cybersecurity.

Renesas Electronics

Renesas Electronics

Renesas Electronics delivers trusted embedded design innovation with solutions that enable billions of connected, intelligent devices to enhance the way people work and live - securely and safely.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

R-Tech

R-Tech

R-Tech GmbH manages the digital start-up initiative, whose goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

Deutsche Gesellschaft für Cybersicherheit (DGC)

Deutsche Gesellschaft für Cybersicherheit (DGC)

As a leading provider of cyber security, DGC supports companies in taking advantage of the opportunities offered by the digital transformation – and in minimizing the associated risks.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.