November 25, 2024

SquareX Discovers New Cybersecurity Attacks that Completely Bypass Secure Web Gateways (SWG), Leaving Most Enterprises Vulnerable.

SquareX Discovers New Cybersecurity Attacks that Completely Bypass Secure Web Gateways (SWG), Leaving Most Enterprises Vulnerable.

SINGAPORE, Aug 6, 2024 – SquareX Founder, Vivek Ramachandran, cybersecurity veteran with over 20 years of experience and founder/ex-CEO of Pentester Academy (acquired by INE), together with the security research team, will be delivering their latest findings in an upcoming main stage talk, titled Breaking Secure Web Gateways (SWG) for Fun and Profit! at DEF CON 32’ on Friday, August 9, 2024 at 5pm PT.

The talk will unveil ‘Last Mile Reassembly Attacks’, a new class of attacks that completely evade Secure Web Gateways (SWGs), a crucial component of modern Secure Access Service Edge (SASE) and Security Service Edge (SSE) solutions.

The web browser is the most used application within the enterprise but also the least protected. Bad actors are now increasingly targeting the weakest link: employees and consultants.

Unfortunately, most of these attacks happen online when the employee or consultant is going about his daily work. Existing security solutions like SWGs as part of SASE/SSE solutions are unable to protect users against modern web threats that happen on the client side. This makes it currently impossible for enterprise security teams to detect, mitigate and threat hunt these attacks.

Vivek Ramachandran and the SquareX team have conceptualized and identified a new class of attacks against SWG and cloud-based intercepting proxies, converting traditional attacks like malware downloads and malicious websites into something undetectable by all existing vendors in the Gartner Magic Quadrant.

This class of attack is called “Last Mile Reassembly Attacks”. The vulnerabilities the team discovered are architectural and vendor-agnostic, meaning there is no specific way to fix them.

These attacks will have a massive impact on SASE, as it is a $40 billion market, and every large security vendor has an SWG product vulnerable to this new class of attacks. This is an industry-first research highlighting attacks that we suspect may have been circulating in the wild for some time. As these client-side attacks are fundamentally different in nature to the attacks that SWGs typically detect, they have remained unnoticed. Upon revealing these attacks and the release of the accompanying toolkit, enterprise vendors can assess their security posture and build countermeasures.

During the main stage talk, Vivek will shed light on this Last Mile Reassembly Attacks” – where a file download, upload or site rendering never actually happens on the server side. Instead, the attack is assembled directly in the user’s browser using various techniques, which will be explained in detail during the talk. This way, malicious files can evade triggering SWGs, leaving many enterprises across the globe vulnerable to being attacked.

Researchers at SquareX will also demonstrate over 25 plus bypass methods, including chunking attacks, WASM payloads, and others.

“The research team and I are excited to be presenting the talk at DEF CON 32. This talk will challenge SASE, SSE vendors in the current space. We hope that vendors will rethink their reliance on cloud-based web attack detection models and understand the need for a client-side (either endpoint or browser-bjhased) security agent and browser-hardening to work in tandem with the SWG for accurate detection-mitigation of attacks,” says Vivek Ramachandran, Founder & CEO of SquareX.

Web attacks have far advanced and evolved in today’s world and if enterprises do not change the way they protect their users, they will essentially be vulnerable to these web threats and attacks. SquareX is dedicated to enhancing online security for enterprises. By bringing these vulnerabilities to light and advocating for a more comprehensive approach to browser security, the team’s research serves as a critical alert to the cybersecurity community.

The revealing of “Last Mile Reassembly Attacks” and the release of the accompanying toolkit are poised to challenge the way enterprise security teams think and will prompt enterprises to reassess their methods for protecting employees from browser-based attacks.

About SquareX:
SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real time. With our innovative browser-native security product, SquareX safeguards enterprise users from a spectrum of web-based threats, encompassing malicious files, websites, scripts, and compromised networks.

About Vivek Ramachandran:
Vivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. Before that, Vivek’s company built an 802.11ac monitoring product sold exclusively to defense agencies.

Vivek discovered the Caffe Latte attack, broke WEP Cloaking, conceptualized enterprise Wi-Fi Backdoors, and created Chellam (Wi-Fi Firewall), WiMonitor Enterprise (802.11ac monitoring), Chigula (Wi-Fi traffic analysis via SQL), Deceptacon (IoT Honeypots), among others. He is the author of multiple five-star-rated books in offensive cybersecurity, which have sold thousands of copies worldwide and have been translated into multiple languages.

He has been a speaker/trainer at top security conferences such as Blackhat USA, Europe and Abu Dhabi, DEFCON, Nullcon, Brucon, HITB, Hacktivity, and others. Vivek’s work in cybersecurity has been covered in Forbes, TechCrunch, and other popular media outlets.

In a past life, he was one of the programmers of the 802.1x protocol and Port Security in Cisco’s 6500 Catalyst series of switches. He was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He has also published multiple research papers in the field of DDoS, ARP Spoofing Detection, and Anomaly-based Intrusion Detection Systems. In 2021, he was awarded an honorary title of Regional Director of Cybersecurity by Microsoft for a period of three years, and in 2024 he joined the BlackHat Arsenal Review Board.