Palo Alto, USA, March 28, 2025, CyberNewswire
From WannaCry to the MGM Resorts hack, ransomware is one of the most damaging cyber threats to plague businesses. Chainalysis estimates that businesses spend nearly $1 billion each year on ransom, but in many cases the greater cost comes from the reputational damage and operational disruption caused by the attacks.
Ransomware attacks usually involve victims downloading and installing the ransomware. The ransomware copies, encrypts, and/or deletes important data on the victim's device, which is restored only upon ransom payment. Traditionally, the main target of ransomware has been the victim's device. However, with the surge in cloud and SaaS services, the device no longer holds the keys to the kingdom. Instead, the browser has become the primary way for employees to do their jobs and interact with the Internet. In other words, the browser is becoming the new endpoint.
SquareX, which has disclosed major browser vulnerabilities such as Polymorphic Extensions and Browser Syncjacking, is issuing a strong warning about the emergence of browser-native ransomware.
SquareX founder Vivek Ramachandran said, “The recent surge in browser-based identity attacks seen in the Chrome Store OAuth attack has led to the viewing of evidence that the ‘components’ of browser-native ransomware are being used by enemies. Play an unquestionable and important role in protecting against traditional ransomware. The future of ransomware will no longer involve file downloads, making browser-native solutions what they need to combat browser-native ransomware.”
Unlike traditional ransomware, browser-native ransomware does not require a file download and is therefore completely undetectable by endpoint security solutions. Instead, the attack targets the victim's digital identity, taking advantage of the widespread shift towards cloud-based enterprise storage and the fact that browser-based authentication is the primary gateway for accessing these resources. In the case studies demonstrated by SquareX, these attacks leverage AI agents to automate most of the attack sequence, requiring minimal social engineering and intervention from the attacker.
One potential scenario involves social engineering a user into granting a fake productivity tool access to their email, which allows the attacker to identify all the SaaS applications the victim is registered with. The attacker can then use AI agents to systematically reset the passwords for these applications, logging the user out and withholding the enterprise data stored in them.
Similarly, attackers can target file-sharing services such as Google Drive, Dropbox, and OneDrive, using the victim's identity to copy and delete all files stored under their account. More seriously, attackers can also access all shared drives, including those shared by colleagues, customers, and other third parties. This greatly expands the attack surface of browser-native ransomware. Whereas the impact of most traditional ransomware is limited to a single device, it takes only one employee's mistake to give attackers full access to resources across the enterprise.
As fewer files are downloaded, it is inevitable that attackers will follow to where work and valuable data are created and stored. With the browser becoming the new endpoint, it is important for businesses to rethink their browser security strategy. Just as EDR is important for protecting against file-based ransomware, browser-native solutions with a deep understanding of client-side, application-layer identity attacks will become essential in the fight against next-generation ransomware attacks.
For more information about this security investigation, users can visit https://sqrx.com/browser-native-ransomware
About SquareX
SquareX's industry-first Browser Detection and Response (BDR) solution helps organizations detect, mitigate, and threat-hunt client-side web attacks against their users in real time. In addition to browser ransomware, SquareX also protects against a variety of browser threats, including identity attacks, malicious extensions, advanced spearphishing, GenAI DLP, and insider threats.
The browser-native ransomware disclosure is part of the Year of Browser Bugs project. Each month, the SquareX research team releases a major web attack focusing on architectural limitations of browsers and current security solutions. Previously disclosed attacks include Browser Syncjacking and Polymorphic Extensions.
For more information about SquareX's BDR, users can contact fund@sqrx.com.
For inquiries regarding this disclosure or the Year of Browser Bugs, users can email junice@sqrx.com.
Contact
PR Manager
Junice Liew
SquareX
junice@sqrx.com
Disclaimer: This is a paid press release published through CyberNewswire, a PR newswire syndication platform for cybersecurity businesses.