Cyber Vendors or Cyber-Criminals: Who’s Winning the Race for the Brows

/in


From the rollout of text-to-image generation tools like DALL-E to natural language processing platforms such as ChatGPT, wowing in their ability to write resumes, scientific papers and more, it has been a breakthrough 12 months for artificial intelligence (AI). 

Many industries are already embracing these advances. Market research, copywriting, time management, coding and customer service are all purposes for which ChatGPT, and its rival platforms, are being leveraged by businesses. However, it’s not just corporations tapping into AI’s potential.

With the emergence of ever more useful tools, threat actors have also become empowered to find and develop increasingly sophisticated threat campaigns designed to exploit common vulnerabilities facing enterprises in 2023.

At Menlo Security, we have seen a major uptick in the use of highly evasive attacks targeting the browser, in part driven by this increasingly easy access to AI tools that even amateur attackers can use to create malware or viruses.

It’s an adjustment that adversaries have made in response to the changing working norms. Where many organizations have continued to embrace remote and flexible policies post-Covid, employees are enjoying the freedom of working wherever, whenever and however it best suits them – be it from the office, at home or on the go, both within and outside of the traditional 9 to 5. 

To facilitate this, enterprises have embraced cloud-based models – a dynamic in which the browser has become the central hub of operations. In fact, Google reports that the average employee spends as much as 75% of their working day using a web browser. 

As threat actors have adapted, cultivating an increasingly expansive and sophisticated arsenal of browser-based attack methods in response, 80% of breaches are now estimated to come through the browser.

Adapting Security Strategies

The spike in browser-focused cyber-attacks is, of course, a problem and one that has seen a range of policies deployed to find a resolution. 

Recently, it was reported that Google is running a pilot scheme to encourage selected staff members (around 2500) to work without access to the internet, the…

Source…