Andrea Welch | Mar 14, 2023
The way federal employees work has changed dramatically over the past three years. Digital transformation, cloud migration and hybrid work models have pushed infrastructure and endpoints out of the central data center to the edge of the network. As a result, data and applications are now accessed through the browser more than ever before. Malicious actors have taken notice of this expanding threat surface and are exploiting weaknesses in the browser to target federal agencies.
Here are four ways adversaries are using vulnerabilities in the browser to attack federal agencies:
Terrorists figured out long ago that the best way to smuggle explosives is to deconstruct bombs and ferry individual parts separately across the border before reconstructing the devices once they get past security. Cybercriminals have recently developed similar techniques to bypass traditional anti-virus and sandbox solutions that scan web content for known malware signatures and suspicious behavior. These include dynamic file downloads (a tactic known as HTML Smuggling), JavaScript trickery, password-protected archive files and oversized files, all of which use gaps in inspection policies to smuggle malicious content past the Secure Web Gateway (SWG) before reconstructing and activating it in the browser after the initial breach has been made.
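The tell-tale sign of HTML Smuggling is that no file-like object ever crosses the gateway: the page carries an encoded blob and the browser rebuilds it at run time. The heuristic below, an added example for this post and not Menlo Security code, scores a response body for that reconstruction pattern; the indicator weights, alert threshold and both sample pages are constructed assumptions to be tuned against your own traffic.

```python
"""Heuristic scorer for HTML-smuggling indicators in web content (added example)."""
import re
from dataclasses import dataclass, field

# Each indicator: (name, compiled regex, weight). Weights are assumptions.
INDICATORS = [
    ("base64_decode",     re.compile(r"\batob\s*\("),                              2),
    ("blob_constructor",  re.compile(r"\bnew\s+Blob\s*\("),                       2),
    ("object_url",        re.compile(r"URL\.createObjectURL\s*\("),               2),
    ("ie_save_blob",      re.compile(r"msSaveOrOpenBlob\s*\("),                   2),
    ("download_attr",     re.compile(r"\.download\s*=|\bdownload\s*=\s*['\"]"),   1),
    ("synthetic_click",   re.compile(r"\.click\s*\(\s*\)"),                       1),
    ("octet_stream",      re.compile(r"application/octet-stream", re.I),          1),
    # A long base64 literal (>= 200 chars) is the smuggled payload itself.
    ("large_b64_literal", re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]"),    3),
]
ALERT_THRESHOLD = 6  # assumption: a single benign download link scores 1

@dataclass
class Verdict:
    score: int
    hits: list = field(default_factory=list)

    def suspicious(self) -> bool:
        return self.score >= ALERT_THRESHOLD

def score_html(body: str) -> Verdict:
    """Return a Verdict for one HTML/JS response body seen at the gateway."""
    verdict = Verdict(score=0)
    for name, pattern, weight in INDICATORS:
        if pattern.search(body):
            verdict.hits.append(name)
            verdict.score += weight
    return verdict

# Constructed sample: a benign page that links to a file the normal way.
BENIGN = '<html><body><a href="/report.pdf" download="report.pdf">Report</a></body></html>'
# Constructed sample: the client-side reconstruction pattern; the "blob" is
# repeated filler, not a real file.
SMUGGLING = (
    '<html><body><script>'
    'var b = "' + "QUJD" * 60 + '";'
    'var bytes = atob(b); var blob = new Blob([bytes], {type: "application/octet-stream"});'
    'var a = document.createElement("a"); a.href = URL.createObjectURL(blob);'
    'a.download = "invoice.iso"; a.click();'
    '</script></body></html>'
)

if __name__ == "__main__":
    for label, page in (("benign", BENIGN), ("smuggling", SMUGGLING)):
        v = score_html(page)
        print(f"{label}: score={v.score} suspicious={v.suspicious()} hits={v.hits}")
```

Because the scoring runs on the response body rather than on a downloaded file, it can be applied by an inline proxy or SWG before the browser ever executes the script.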
While phishing has traditionally been delivered via email, enterprising threat actors are now using other channels that aren’t covered by email security tools to deliver malicious content. This includes browser-based content such as websites, Software as a Service (SaaS) platforms, social media and professional networks, collaboration tools and SMS. Threat surfaces will continue to expand as brands find new ways to interact with customers and partners, and traditional security solutions are not keeping up.
The fact that a website is categorized as safe one day doesn’t mean that it will be safe tomorrow. Termed Legacy URL Reputation Evasion (LURE), this tactic allows threat actors to compromise websites already trusted by categorization engines and turn them into festering dens of malicious activity. This even includes websites owned or hosted by well-known brands and media outlets. Playing the long game, attackers have been known to create new sites and let them build up a good reputation across categorization engines before using them to deliver malicious content.
The web continues to run on JavaScript, despite the language’s security vulnerabilities. Malicious content such as browser exploits and phishing kit code can be hidden or obfuscated to make the JavaScript unreadable, allowing the code to bypass detection by the SWG. The compromised JavaScript is then revealed in the browser at run time and is allowed to execute its active content on the endpoint. Attackers also use website manipulations to hide impersonation logos behind morphed images to avoid visual detection in inspection engines.
Hybrid work is here to stay, making the browser the number one business tool in the federal government. IT teams need to rethink traditional security strategies in light of these changes, focusing on detecting and stopping browser-based attacks before they infiltrate the network. The first step is to understand whether your agency is currently susceptible to these highly evasive threats, which the Menlo Labs research team has categorized as Highly Evasive Adaptive Threats (HEAT).
Tagged with Awareness, Blog, Federal Government, HEAT, Zero Trust