SquareX Uncovers Critical Flaw in Secure Web Gateways
SquareX Founder, Vivek Ramachandran, a cybersecurity veteran with over 20 years of experience and Founder/Ex-CEO of Pentester Academy (acquired by INE), together with the security research team, announces their latest findings – “Last Mile Reassembly Attacks” – a new class of attacks that completely evade Secure Web Gateways (SWGs), a crucial component of modern Secure Access Service Edge (SASE) and Security Service Edge (SSE) solutions.
The web browser is the most used application within the enterprise but also the least protected. Bad actors are now increasingly targeting the weakest link: employees and consultants.
Unfortunately, most of these attacks happen online when the employee or consultant is going about his daily work. Existing security solutions like SWGs as part of SASE/SSE solutions are unable to protect users against modern web threats that happen on the client side. This makes it currently impossible for enterprise security teams to detect, mitigate and threat-hunt these attacks.
What Did SquareX Find?
Vivek Ramachandran and the SquareX team have conceptualised and identified a new class of attacks against SWG and cloud-based intercepting proxies, converting traditional attacks like malware downloads and malicious websites into something undetectable by all existing vendors in the Gartner Magic Quadrant.
This class of attack is called “Last Mile Reassembly Attacks”. The vulnerabilities the team discovered are architectural and vendor-agnostic, meaning there is no specific way to fix them.
These attacks will have a massive impact on SASE, as it is a $40 billion market, and every large security vendor has an SWG product vulnerable to this new class of attacks. This is industry-first research highlighting attacks that we suspect may have been circulating in the wild for some time. As these client-side attacks are fundamentally different in nature to the attacks that SWGs typically detect, they have remained unnoticed. Upon revealing these attacks and the release of the accompanying toolkit, enterprise vendors can assess their security posture and build countermeasures.
During the main stage talk, titled Breaking Secure Web Gateways (SWG) for Fun and Profit! at DEF CON 32 on Friday, August 9, 2024, at 5 pm PT, Vivek will shed light on these “Last Mile Reassembly Attacks” – where a file download, upload or site rendering never actually happens on the server side. Instead, the attack is assembled directly in the user’s browser using various techniques, which will be explained in detail during the talk. This way, malicious files can evade triggering SWGs, leaving many enterprises across the globe vulnerable to being attacked.
Researchers at SquareX will also demonstrate over 25+ bypass methods, including chunking attacks, WASM payloads, and others.
“The research team and I are excited to be presenting the talk at DEF CON 32. This talk will challenge SASE, and SSE vendors in the current space. We hope that vendors will rethink their reliance on cloud-based web attack detection models and understand the need for a client-side (either endpoint or browser-based) security agent and browser-hardening to work in tandem with the SWG for accurate detection-mitigation of attacks,” says Vivek Ramachandran, Founder & CEO of SquareX.
Web attacks have far advanced and evolved in today’s world and if enterprises do not change the way they protect their users, they will essentially be vulnerable to these web threats and attacks. SquareX is dedicated to enhancing online security for enterprises. By bringing these vulnerabilities to light and advocating for a more comprehensive approach to browser security, the team’s research serves as a critical alert to the cybersecurity community.
The revealing of “Last Mile Reassembly Attacks” and the release of the accompanying toolkit are poised to challenge the way enterprise security teams think and will prompt enterprises to reassess their methods for protecting employees from browser-based attacks.