- Browsers are the new front line, but today’s DLP cannot see real threats
- Data splicing attacks break through enterprise browser security
- Angry Magpie reveals how fragile DLP architecture is in a browser world
A newly discovered data exfiltration technique known as data splicing attacks could put thousands of companies around the world at risk, bypassing all the main data loss prevention (DLP) tools.
Attackers can split, encrypt or encode data inside the browser, transforming files into fragments that escape the detection logic used by both endpoint protection platforms (EPP) and network-based tools, before these fragments are reassembled outside the protected environment.
By using alternative communication channels such as gRPC and WebRTC, or secure messaging platforms like WhatsApp and Telegram, threat actors can further hide their tracks and avoid SSL-based inspection.
Threat actors now splice, encrypt and disappear
The growing dependence on browsers as primary work tools has increased exposure. With more than 60% of corporate data stored on cloud platforms accessed via browsers, the importance of a secure browser has never been greater.
Researchers have shown that the proxy solutions used in many secure enterprise browsers simply cannot access the context needed to recognize these attacks, because they lack visibility into user interactions, DOM changes and the browser context.
In addition, endpoint DLP systems fall short because they rely on the APIs exposed by the browser, which offer no identity context, no extension awareness and no control over encrypted content.
These limitations create a blind spot that attackers can exploit without detection, undermining the ability of many companies to defend themselves against insider threat scenarios.
What makes this discovery even more urgent is the ease with which these techniques can be adapted or modified. With new code, attackers can easily create variants, further widening the gap between evolving threats and obsolete protections.
In response, the team introduced Angry Magpie, an open source toolkit designed to reproduce these attacks. Security teams, red teams and vendors can use the tool to assess their defenses.
Angry Magpie allows defenders to assess the exposure of their systems in realistic scenarios, helping to identify blind spots in current implementations of even the best DLP solutions.
“We hope that our research will serve as a call to action to recognize the significant risks that browsers pose for data loss,” said the team.