The prevalence of browser-based attacks is on the rise, with 95% of organizations falling victim to these threats last year, according to research conducted by Omdia. Despite the use of various security tools, attackers are still able to exploit vulnerabilities within trusted browser sessions, where traditional security measures fall short.
In recent months, three notable campaigns have highlighted the seriousness of browser-based attacks. ShadyPanda infected millions of users through legitimate extensions that were later weaponized. Cyberhaven’s security extension was used against corporate customers, and Trust Wallet lost millions in a short period, all without triggering traditional security alerts.
Experts like Sam Evans, CISO of Clearwater Analytics, emphasize the importance of focusing on browser security due to the high-risk nature of these attacks. Attackers are increasingly operating within trusted browser sessions, leveraging valid identities and access to carry out their malicious activities undetected.
Traditional security architectures often overlook the behaviors that occur after access is granted, leaving organizations vulnerable to attacks that take place within the browser. The lack of visibility into browser sessions, coupled with the prevalence of browser extensions with high permissions, creates significant security gaps that attackers can exploit.
To address these challenges, organizations are advised to implement browser-layer controls that provide visibility and control over live browser sessions. By correlating browser behavior with identity and endpoint signals in real time, organizations can better detect and respond to suspicious activities within the browser.
Browser isolation solutions from vendors like Menlo Security, Cloudflare, and Symantec offer one approach to mitigating browser-based threats by executing web content in remote containers. However, the rise of locally run extensions and AI tools presents new challenges that require innovative security measures.
Understanding the attack patterns that threat actors employ, such as the long game, credential hijacking, and API key leaks, can help organizations better prepare for and respond to browser-based attacks. By focusing on behaviors and contextual signals within browser sessions, organizations can enhance their detection capabilities and mitigate the risks associated with these attacks.
In conclusion, the browser has evolved into the primary execution environment for enterprise work, making it a critical focus area for security measures. By adopting browser-layer controls, organizations can better protect themselves against the growing threat of browser-based attacks and improve their overall security posture.
