By Brett Raybould, EMEA Solutions Architect, Menlo Security
According to Google, the average worker now spends three-quarters of their working day using a web browser. This has provided many productivity benefits. Not least, it enables employees to work flexibly according to their individual needs – from the office, from home, on the go, or outside of traditional working hours. From a security perspective, however, it has created concerns.
Within this new working dynamic, adversaries have placed a massive bullseye on the web browser. It has become the new desktop, where many of us spend the bulk of our working day.
We are witnessing a massive shift in the attention of attackers as they continually refine their techniques, developing novel and innovative ways to target their victims via this new focal channel.
It’s a problematic situation that is not being helped by the emergence of ever more powerful tools, including new generative AI platforms. Indeed, the ability of threat actors to find and develop ways to launch ever more sophisticated attacks is ramping up – something that security professionals fear.
For example, in a recent survey of 1,500 IT specialists, BlackBerry found that 71% believe that foreign states are likely to already be using ChatGPT for malicious purposes against other nations.
How threat actors are rendering legacy solutions useless
With web browser threats growing in both frequency and sophistication, it is critical that companies embrace the technologies available to help them in the fight. However, this is where many are lacking right now.
Lagging security vendors are continuing to focus on fighting yesterday’s war, attempting to shoehorn network security and endpoint tools into keeping users safe – a tactic that simply is not working. By leveraging the web browser as the attack vector, threat actors are effectively rendering a decade or so of security technology investments redundant.
Secure web gateways, firewalls, endpoint security and EDR solutions are all unable to observe, and therefore respond to, actions occurring within the browser.
Take HTML smuggling, for example – a commonly used evasive technique that sees a malicious file dynamically constructed within the browser. Because the file is assembled inside the browser, there is no resource request for a remote file that can be inspected. This leaves content engines unable to identify any risk, and attackers able to bypass legacy network security perimeter controls.
Similar issues are also encountered with ‘Good2Bad’ websites, where hackers briefly hijack benign websites for malicious purposes before they are flagged as being ‘bad’ by web categorisation engines.
Bucking the trend with innovative technologies
Those traditional tools that many firms continue to rely upon simply are not equipped to combat the new cohort of advanced browser-based threats – and threat actors know this, increasing their attack efforts by the day.
It’s a trend we’ve seen consistently evolving over time. Between 2019 and 2021, Menlo Labs tracked a 958% increase in the use of Good2Bad sites. More recently, a 2022 survey of 505 IT decision makers across the US and UK revealed that more than half (55%) of enterprises encounter advanced web threats at least once a month, with almost two-thirds (62%) having had a device compromised by a browser-based attack in the previous 12 months alone.
To be frank, this is somewhat unsurprising given that the very same survey highlighted that 45% of organisations also hadn’t added any capabilities to their security stacks over the same period.
Moving forward through 2023 and beyond, this needs to change. Organisations cannot afford to stand still. Just as threat techniques have evolved, so too have the technologies and tools available to combat them – and they must be embraced.
Enter HEAT Shield – a new technology capable of detecting and blocking phishing attacks before they can infiltrate the enterprise network. It uses novel, AI-based techniques – including computer vision combined with URL risk scoring and analysis of the web page elements – to accurately determine in real time if a link being accessed is a phishing site designed to steal the user’s credentials.
Elsewhere, HEAT Visibility can be used to perform continual analysis of web traffic, applying AI/ML-powered classifiers that identify the presence of highly evasive attacks. This delivers timely, actionable alerts that enable security teams to significantly reduce mean time to detect (MTTD) and mean time to respond (MTTR) to any highly evasive threats that could be targeting enterprise users.
The availability of such solutions is a positive, and there are other reasons for optimism too. Indeed, Verizon’s 2022 Data Breach Investigations Report revealed that 82% of firms are at least considering adopting a zero trust approach to security, with genuine adoption expected to ramp up throughout this year. However, given the growing threat of browser-based attacks, organisations must address the associated vulnerabilities as a priority.
The technologies are there. Now is the time to embrace them – to turn the tide, and deliver a secure, seamless browsing experience for all.
About the Author
Brett Raybould – EMEA Solutions Architect, Menlo Security. Brett is passionate about security and providing solutions to organisations looking to protect their most critical assets. Having worked for over 15 years for various tier 1 vendors who specialise in detection of inbound threats across web and email as well as data loss prevention, Brett joined Menlo Security in 2016 and discovered how isolation provides a new approach to solving the problems that detection-based systems continue to struggle with.