Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Files. Show all posts

Why Shouldn't You Upload Files So Readily On Your Browser?


The digital society we live in has made it abundantly clear that being cautious about online activities goes beyond avoiding suspicious links. Recent findings by cybersecurity researchers have surfaced a new ransomware threat that exploits web browsers, potentially putting users' files at risk.

The Rising Threat

Modern web browsers like Google Chrome and Microsoft Edge offer advanced functionalities, allowing users to seamlessly interact with various online services, from email to multimedia streaming. However, these capabilities also open doors for hackers to manipulate browsers and gain unauthorised access to users' local file systems.

What Is The Risk?

The File System Access API, utilised by browsers, enables web applications to interact with users' files. This means that uploading files to seemingly benign online tools could inadvertently grant hackers access to personal data stored on the user's computer.

The Implications

Imagine using an online photo editing tool. Uploading files for editing could inadvertently expose your entire file system to malicious actors, who could then encrypt your files and demand ransom for decryption.

The Scale of the Issue

Ransomware attacks have become increasingly prevalent, targeting individuals and organisations across various sectors. In 2023 alone, organisations paid over $1.1 billion in ransomware payments, highlighting the urgent need for robust cybersecurity measures.

Addressing the Threat

Researchers at the Cyber-Physical Systems Security Lab at Florida International University have been investigating this new breed of ransomware. Their findings, presented at the USENIX Security Symposium, underscore the severity of the threat posed by browser-based ransomware.

Recommended Practices 

The research team proposed three defence approaches to mitigate the risk of browser-based ransomware. These strategies focus on detecting and preventing malicious activity at the browser, file system, and user levels, offering a multi-layered defence mechanism against potential attacks.

1. Temporarily Halting Web Applications:

This approach involves temporarily suspending a web application's activity within the browser to detect any suspicious behavior related to file encryption. By monitoring the application's actions, security systems can identify and interrupt potential ransomware activity before it causes significant damage. This measure enables users to maintain control over their files and prevent unauthorised access by any threat actors.

2. Monitoring Web Application Activity:

In addition to halting web applications, this defense strategy focuses on continuously monitoring their activity on users' computers. By analysing patterns and behaviours associated with ransomware attacks, security systems can easily detect and respond to any anomalous activities. This real-time monitoring ensures timely intervention and minimizes the impact of browser-based ransomware on users' systems.

3. Introducing Permission Dialog Boxes:

To empower users with greater control over their file system access, this approach proposes the implementation of permission dialogue boxes. When a web application requests access to the user's local files, a dialogue box prompts the user to approve or deny the request, along with providing information about the associated risks and implications. By promoting user awareness and informed decision-making, this measure ensures security posture and reduces the likelihood of inadvertent file exposure to ransomware threats.

As technology continues to transform, so do the tactics employed by cybercriminals. By staying informed and implementing proactive cybersecurity measures, users can safeguard their digital assets against threats like browser-based ransomware.




Secrets of SharePoint Security: New Techniques to Evade Detection

 



According to a recent discovery by Varonis Threat Labs, two new techniques have emerged that pose a significant threat to data security within SharePoint, a widely used platform for file management. These techniques enable users to evade detection and retreat files without triggering alarm bells in audit logs.

Technique 1: Open in App Method

The first technique leverages SharePoint's "open in app" feature, allowing users to access and download files while leaving behind only access events in the file's audit log. This method, which can be executed manually or through automated scripts, enables rapid exfiltration of multiple files without raising suspicion.

Technique 2: SkyDriveSync User-Agent

The second technique exploits the User-Agent for Microsoft SkyDriveSync, disguising file downloads as sync events rather than standard downloads. By mislabeling events, threat actors can bypass detection tools and policies, making their activity harder to track.

Implications for Security

These techniques pose a significant challenge to traditional security tools such as cloud access security brokers and data loss prevention systems. By hiding downloads as less suspicious access and sync events, threat actors can circumvent detection measures and potentially exfiltrate sensitive data unnoticed.

Microsoft's Response

Despite Varonis disclosing these methods to Microsoft, the tech giant has designated them as a "moderate" security concern and has not taken immediate action to address them. As a result, these vulnerabilities remain in SharePoint deployments, leaving organisations vulnerable to exploitation.

Recommendations for Organisations

To alleviate the risk posed by these techniques, organisations are advised to closely monitor access events in their SharePoint and OneDrive audit logs. Varonis recommends leveraging User and Entity Behavior Analytics (UEBA) and AI features to detect and stop suspicious activities, such as mass file access.

What Are the Risks?

While SharePoint and OneDrive are essential tools for facilitating file access in organisations, misconfigured permissions and access controls can inadvertently expose sensitive data to unauthorised users. Threat actors often exploit these misconfigurations to exfiltrate data, posing a significant risk to organisations across various industries.

Detection and Prevention Strategies

To detect and prevent unauthorised data exfiltration, organisations should implement detection rules that consider behavioural patterns, including frequency and volume of sync activity, unusual device usage, and synchronisation of sensitive folders. By analysing these parameters, organisations can identify and mitigate potential threats before they escalate.