Browsers as the New Frontline: The Limitations of Current DLP Systems
Data Splicing Attacks: A Serious Threat to Enterprise Security
Recent findings have brought to light a new method of data exfiltration called Data Splicing Attacks, which poses a considerable risk to countless businesses globally by evading all prominent data loss prevention (DLP) solutions.
This sophisticated attack allows cybercriminals to split, encrypt, or encode sensitive data directly within a web browser. Files are fragmented into pieces that can slip past the detection mechanisms of both endpoint protection platforms (EPP) and network-based systems, and the fragments can then be reassembled outside secured environments.
Utilizing alternative communication methods such as gRPC, WebRTC, and secure messaging applications like WhatsApp and Telegram, attackers can further conceal their activities, effectively circumventing SSL-based security checks.
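As an added illustration (not from the original article or the Angry Magpie toolkit), the Python sketch below shows why inspecting each fragment in isolation misses content that a scanner keeping state per flow still sees. The pattern, the sample record and the `flow_id` keying are constructed assumptions, and it covers only plain splitting, not encrypted or encoded fragments.

```python
import re
from collections import defaultdict

# Constructed pattern: a dash-separated 16-digit number stands in for "sensitive data".
PATTERN = re.compile(rb"\b\d{4}-\d{4}-\d{4}-\d{4}\b")
MAX_MATCH_LEN = 19  # longest byte string PATTERN can match


def split(data, size):
    """Cut a payload into fixed-size fragments, as separate requests would carry it."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def scan_per_chunk(chunks):
    """Stateless inspection: every fragment is checked in isolation."""
    return [m.group() for c in chunks for m in PATTERN.finditer(c)]


class StreamScanner:
    """Stateful inspection: remembers the tail of each flow so a match that
    straddles a fragment boundary is still seen."""

    def __init__(self):
        self.tails = defaultdict(bytes)

    def feed(self, flow_id, chunk):
        tail = self.tails[flow_id]
        window = tail + chunk
        # Report only matches that use new bytes; older ones were reported already.
        hits = [m.group() for m in PATTERN.finditer(window) if m.end() > len(tail)]
        # Keep MAX_MATCH_LEN bytes: enough for any partial match plus one byte of
        # left context so the \b anchor is evaluated against real data.
        self.tails[flow_id] = window[-MAX_MATCH_LEN:]
        return hits

    def scan(self, flow_id, chunks):
        return [h for c in chunks for h in self.feed(flow_id, c)]


# Constructed sample record (not real data).
RECORD = b"name=Test User;card=4111-1111-1111-1111;end"
FRAGMENTS = split(RECORD, 10)

if __name__ == "__main__":
    print("per-fragment:", scan_per_chunk(FRAGMENTS))
    print("stateful:    ", StreamScanner().scan(("user1", "upload.example"), FRAGMENTS))
```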
The Evolving Landscape of Cyber Threats
The increased use of web browsers for professional tasks has heightened the overall risk to sensitive data. Over 60% of enterprise data is now stored on cloud services accessed through browsers, underscoring the crucial need for enhanced browser security.
Research indicates that many secure enterprise browser solutions utilize proxy systems that fail to gather the essential context needed to detect these types of attacks. Because they lack visibility into user actions, Document Object Model (DOM) changes, and overall browser context, these systems leave enterprises vulnerable.
Furthermore, conventional DLP systems are hindered by their reliance on Application Programming Interfaces (APIs) presented by browsers, which do not provide adequate identity context, extension awareness, or management of encrypted information. This results in vulnerabilities that malicious actors can exploit unnoticed, jeopardizing defenses against potential insider threats.
Adding urgency to this threat is the adaptability of these techniques. Cybercriminals can easily modify their methods to produce variants of the original attacks, further widening the gap between emerging threats and outdated protective measures.
In a proactive response to this challenge, a new toolkit named Angry Magpie has been introduced as an open-source resource. This tool is engineered to replicate Data Splicing Attacks, enabling security teams, red teams, and vendors to assess their own defenses effectively.
Angry Magpie empowers organizations to gauge their systems’ vulnerabilities in real-world scenarios, allowing for the detection of weaknesses within existing DLP solutions, even those deemed robust.
“We hope our research will serve as a call to action to acknowledge the significant risks browsers pose for data loss,” the development team stated.
Source: www.techradar.com