As browsers become the new endpoint, it is crucial for enterprises to reconsider their browser security strategy – just as EDRs were critical to defend against file-based ransomware, a browser-native solution with a deep understanding of client-side application layer identity attacks will become essential in combating the next generation of ransomware attacks. This significantly expands the attack surface of browser-native ransomware – where the impact of most traditional ransomware is confined to a single device, all it takes is one employee’s mistake for attackers to gain full access to enterprise-wide resources. In addition to browser ransomware, SquareX also protects against various browser threats including identity attacks, malicious extensions, advanced spearphishing, GenAI DLP, and insider threats. SquareX’s founder, Vivek Ramachandran cautions, “With the recent surge in browser-based identity attacks like the one we saw with the Chrome Store OAuth attack, we are beginning to see evidence of the ‘ingredients’ of browser-native ransomwares being used by adversaries. SquareX has been disclosing major browser vulnerabilities like Polymorphic Extensions and Browser Syncjacking, and is now issuing a strong warning on the emergence of browser-native ransomware. Ransomware attacks typically involve tricking victims into downloading and installing the ransomware, which copies, encrypts, and/or deletes critical data on the device, only to be restored upon the ransom payment. SquareX’s industry-first Browser Detection and Response (BDR) solution helps organizations detect, mitigate, and threat-hunt client-side web attacks happening against their users in real time. Every month, SquareX’s research team releases a major web attack that focuses on architectural limitations of the browser and incumbent security solutions.
This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 29 Mar 2025 06:10:06 +0000