Subj : Thousands of businesses a
To : All
From : Mike Powell
Date : Tue Apr 29 2025 09:37 am
Thousands of businesses at risk worldwide as new data exfiltration technique
uncovered - here's what you need to know
Date:
Mon, 28 Apr 2025 21:04:00 +0000
Description:
Data Splicing Attacks expose the inability of current DLP tools to detect
insider-driven data leaks through browsers.
FULL STORY
A newly uncovered data exfiltration technique known as Data Splicing Attacks
could place thousands of businesses worldwide at significant risk, bypassing
all leading data loss prevention (DLP) tools.
Attackers can split, encrypt, or encode data within the browser, transforming
files into fragments that evade the detection logic used by both endpoint
protection platforms (EPP) and network-based tools - before these pieces are
then reassembled outside the protected environment.
By using alternative communication channels such as gRPC and WebRTC, or
secure messaging platforms like WhatsApp and Telegram, threat actors can
further obscure their tracks and avoid SSL-based inspections.
Threat actors now splice, encrypt, and vanish
The growing reliance on browsers as primary work tools has increased
exposure. With more than 60% of enterprise data stored on cloud platforms
accessed via browsers, the importance of a secure browser has never been
greater.
Researchers demonstrated that proxy solutions used in many secure enterprise
browsers simply cannot access the necessary context to recognize these
attacks because they lack visibility into user interactions, DOM changes, and
browser context.
Additionally, endpoint DLP systems struggle because they rely on APIs exposed
by the browser, which do not offer identity context, extension awareness, or
control over encrypted content.
These limitations create a blind spot that attackers can exploit without
detection, undermining many enterprises' ability to defend against insider
threat scenarios.
What makes this discovery even more urgent is the ease with which these
techniques can be adapted or modified. With new code, attackers can easily
create variants, further widening the gap between evolving threats and
outdated protections.
In response, the team introduced Angry Magpie, an open source toolkit
designed to replicate these attacks. Security teams, red teams, and vendors
can use the tool to evaluate their defenses.
Angry Magpie allows defenders to assess their systems' exposure in realistic
scenarios, helping identify blind spots in current implementations of even
the best DLP solutions.
"We hope our research will serve as a call to action to acknowledge the
significant risks browsers pose for data loss," the team said.
======================================================================
Link to news story:
https://www.techradar.com/pro/thousands-of-businesses-at-risk-worldwide-as-new-data-exfiltration-technique-uncovered-heres-what-you-need-to-know
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)