- Browsers are the new front line, but today’s DLP can’t see the real threats
- Data Splicing Attacks break through enterprise browser security
- Angry Magpie reveals how fragile the current DLP architecture is in a browser-first world
A recently uncovered data exfiltration technique known as Data Splicing Attacks, which bypasses all leading data loss prevention (DLP) tools, could place thousands of companies around the world at significant risk.
Attackers can split, encrypt or encode data inside the browser, converting files into fragments that evade the detection logic used by both endpoint protection platforms (EPP) and network-based tools, before these pieces are reassembled outside the protected environment.
By using alternative communication channels such as gRPC and WebRTC, or secure messaging platforms such as WhatsApp and Telegram, threat actors can further hide their tracks and avoid SSL-based inspection.
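An added illustration, not code from the researchers or from Angry Magpie: a toy inspector showing why per-request pattern matching misses a record that arrives split across two uploads, and how carrying a short tail across the session recovers it. The pattern, entropy threshold and sample data are constructed assumptions; an encrypted fragment can only be flagged as opaque, not read.

```javascript
// Added example. PATTERN, the threshold and all sample data are constructed.
const PATTERN = /\b\d{3}-\d{2}-\d{4}\b/; // toy "sensitive record" pattern
const MAX_MATCH = 11;                    // longest string PATTERN can match

// Shannon entropy in bits per character; ciphertext and compressed data score high.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => {
    const p = n / s.length;
    return h - p * Math.log2(p);
  }, 0);
}

// Baseline: each upload body is inspected on its own, as a per-request proxy would.
function inspectPerRequest(chunks) {
  return chunks.some((c) => PATTERN.test(c));
}

// Session-aware: keep the last MAX_MATCH-1 characters seen so far, so a match
// that straddles a fragment boundary is still visible. Chunks that carry no
// pattern but look like ciphertext are reported as "opaque" for review.
function inspectSession(chunks) {
  let tail = "";
  const findings = [];
  chunks.forEach((c, i) => {
    if (PATTERN.test(tail + c)) {
      findings.push({ chunk: i, reason: "pattern" });
    } else if (c.length >= 32 && entropy(c) > 4.5) { // illustrative threshold
      findings.push({ chunk: i, reason: "opaque" });
    }
    tail = (tail + c).slice(-(MAX_MATCH - 1));
  });
  return findings;
}

// Constructed sample: one record, the same record split in two, and a
// 32-character stand-in for an encrypted fragment.
const RECORD = "name=Jane Doe;ssn=123-45-6789;dept=finance";
const SPLIT = ["name=Jane Doe;ssn=123-", "45-6789;dept=finance"];
const OPAQUE = "q7Zp2LxV9aKd0Tn4RbY8sWfE1hJc6GuM";

console.log(inspectPerRequest([RECORD]), inspectPerRequest(SPLIT));
console.log(inspectSession([...SPLIT, OPAQUE]));
```

The session-aware pass only helps when all fragments travel through the same inspection point; fragments sent over a separate channel never reach it, which is the visibility gap the article describes.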
Threat actors now split, encrypt and disappear
The growing dependence on browsers as primary work tools has increased exposure. With more than 60% of company data stored on cloud platforms that are accessed via browsers, the importance of a secure browser has never been greater.
Researchers demonstrated that proxy solutions used in many secure enterprise browsers simply cannot access the context needed to recognize these attacks because they lack visibility into user interactions, DOM changes and browser context.
In addition, endpoint DLP systems struggle because they depend on APIs exposed by the browser, which do not offer identity context, extension awareness or control over encrypted content.
These limitations create a blind spot that attackers can exploit without detection, undermining many companies’ ability to defend themselves against insider threats.
What makes this discovery even more urgent is the ease with which these techniques can be adapted or modified. With new code, attackers can easily create variants, further widening the gap between evolving threats and outdated protections.
In response, the team introduced Angry Magpie, an open source toolkit designed to replicate these attacks. Security teams, red teams and vendors can use the tool to evaluate their defenses.
Angry Magpie allows defenders to assess their systems’ exposure in realistic scenarios and helps identify blind spots in current implementations of even the best DLP solutions.
“We hope that our research will serve as a call for action to recognize the significant risks that browsers pose for data loss,” the team said.