- Navigators are the new first line, but today’s DLP cannot see real threats
- Data joint attacks break the safety of the business browser
- Angry Magpie reveals how fragile is the current DLP architecture in a world of the browser
A recently discovered data exfiltration technique known as data junction attacks could place thousands of companies worldwide with a significant risk, without going through all leading tools for data loss prevention (DLP).
The attackers can divide, encrypt or encode data into the browser, transforming files into fragments that evade the detection logic used by the final point protection platforms (PPE) and network -based tools, before these parts are re -assembled outside the protected environment.
Through the use of alternative communication channels such as GRPC and Webrtc, or safe messaging platforms such as WhatsApp and Telegram, threat actors can further obscure their tracks and avoid SSL -based inspections.
The actors of threat now splican, encrypt and disappear
The growing dependence on browsers as primary work tools has increased exposure. With more than 60% of the business data stored in cloud platforms that are accessed through browsers, the importance of a safe browser has never been greater.
The researchers showed that proxy solutions used in many safe business browsers can simply not access the necessary context to recognize these attacks because they lack visibility of user interactions, Dom changes and browser context.
In addition, the end point DLP systems fight because they depend on the APIs set out by the browser, which do not offer identity context, extension awareness or control over the encrypted content.
These limitations create a blind spot that attackers can exploit without detection, undermining the ability of many companies to defend themselves against internal threat scenarios.
What makes this discovery even more urgent is the ease with which these techniques can be adapted or modified. With the new code, attackers can easily create variants, further expanding the gap between evolving threats and obsolete protections.
In response, the team introduced Angry Magpie, an open source tool kit designed to replicate these attacks. Security equipment, red equipment and suppliers can use the tool to evaluate their defenses.
Angry Magpie allows defenders to evaluate the exposure of their systems in realistic scenarios, helping to identify blind points in current implementations of even the best DLP solutions.
“We hope that our research serves as a call to action to recognize the significant risks that browsers represent for data loss,” the team said.
