SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

SquareX warns of rising browser-native ransomware threat

Mon, 31st Mar 2025

SquareX has issued a warning concerning the rising threat of browser-native ransomware, which poses significant risks to millions of internet users globally.

Historically, ransomware has targeted devices directly, encrypting files and demanding payment for their release.

As the reliance on cloud and SaaS services increases, the browser has emerged as the new primary target. Browsers serve as the main conduit for employees to perform tasks and access internet-based resources, making them the epicentre of potential cyberattacks.

Vivek Ramachandran, Founder of SquareX, has raised concerns about this evolving threat landscape.

"With the recent surge in browser-based identity attacks like the one we saw with the Chrome Store OAuth attack, we are beginning to see evidence of the 'ingredients' of browser-native ransomwares being used by adversaries."

"It is only a matter of time before one smart attacker figures out how to put all the pieces together. While EDRs and Anti-Viruses have played an unquestionably vital role in defending against traditional ransomware, the future of ransomware will no longer involve file downloads, making a browser-native solution a necessity to combat browser-native ransomwares."

Unlike traditional ransomware, browser-native attacks do not require a file download, allowing them to bypass common security measures.

Instead, these attacks exploit digital identities, often through cloud authentication processes, which have become integral to modern business operations. According to SquareX's findings, these attacks frequently involve AI agents, minimising the need for manual intervention and social engineering on the part of the cybercriminal.

Such an attack might begin by misleading a user into granting a seemingly harmless productivity tool access to their email.

Through this entry point, attackers can survey the user's registered SaaS applications and systematically compromise their security by resetting passwords using AI-driven capabilities. Such scenarios facilitate access to extensive enterprise data repositories, effectively locking out legitimate users.

File sharing services are also susceptible, as attackers utilise compromised identities to exfiltrate and erase documents. This extends not only to individual accounts but also to shared drives that encompass contributions from colleagues, clients, and other third parties.

This increases the breadth of impact, as a single oversight by one employee could potentially expose vast enterprise resources.

The shift towards browser-centric work processes reflects the broader trend of moving data creation and storage online, steering attackers towards these targets.

As browsers solidify their status as the new endpoint, organisations must reassess their security frameworks.

Just as Endpoint Detection and Response (EDR) systems were pivotal in addressing traditional ransomware, a comprehensive browser-native security solution is paramount for future resilience.
