SINGAPORE, Thursday, August 22, 2024 – SquareX delivered a groundbreaking presentation at DEF CON 32, univocally proving that Secure Web Gateways (SWGs) are broken beyond repair. Presented by SquareX founder Vivek Ramachandran and the research team, the talk exposed over 30 bypass techniques that highlight core architectural vulnerabilities in SWGs, challenging the effectiveness and relevance of a technology that has been trusted for over two decades.

To demonstrate the ease with which SWGs can be bypassed, SquareX introduced browser.security, a website designed to allow anyone—including SWG vendors—to test their products. The framework’s release has already garnered much attention, with thousands of requests logged through SWG solutions from top SASE/SSE vendors, potentially indicating that both customers and vendors are scrutinizing their products for vulnerabilities.

Audience reactions to the talk were overwhelmingly positive. One attendee, representing a security team, commented, “We are very surprised to see how easy it is to deliver malware to the endpoints by bypassing SWGs.” Another added, “It’s surprising that SWG vendors have not acknowledged these issues in their public documentation.

Many are unaware of how much browsers have evolved into complex systems that resemble standalone operating systems. SWGs are becoming obsolete in monitoring and securing the browser. These revelations sparked widespread discussion on social media and across industry platforms, highlighting the need for a new approach to web security. A CISO from a Fortune 500 enterprise commented on one of the threads, stating, “It’s evident that the only way to protect users is to build security solutions natively within the browser.

Vivek Ramachandran, Founder & CEO of SquareX, emphasized this point, “Attackers are targeting employees of organizations while they are online, and the old guard SWGs are failing to detect and block new-age client-side web threats due to their antiquated architecture. In our view, the only way to detect and block these complex attacks is to have access to DOM changes, browser events, user interactivity etc., as input to detection algorithms, and the only way to do this is to have a browser-native product. This is exactly what SquareX is building.

SquareX invites enterprises concerned about the security of their SWG solutions to engage with the company directly. For more information or to request an assessment, visit sqrx.com or contact SquareX at founder@sqrx.com.

About SquareX:

SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real time. With our innovative browser-native security product, SquareX safeguards enterprise users from a spectrum of web-based threats, encompassing malicious files, websites, scripts, and compromised networks.

For more information, visit http://www.sqrx.com

About Vivek Ramachandran:

Vivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. Before that, Vivek’s company built an 802.11ac monitoring product sold exclusively to defense agencies.

Vivek discovered the Caffe Latte attack, broke WEP Cloaking, conceptualized enterprise Wi-Fi Backdoors, and created Chellam (Wi-Fi Firewall), WiMonitor Enterprise (802.11ac monitoring), Chigula (Wi-Fi traffic analysis via SQL), Deceptacon (IoT Honeypots), among others. He is the author of multiple five-star-rated books in offensive cybersecurity, which have sold thousands of copies worldwide and have been translated into multiple languages.

He has been a speaker/trainer at top security conferences such as Blackhat USA, Europe and Abu Dhabi, DEFCON, Nullcon, Brucon, HITB, Hacktivity, and others. Vivek’s work in cybersecurity has been covered in Forbes, TechCrunch, and other popular media outlets.

In a past life, he was one of the programmers of the 802.1x protocol and Port Security in Cisco’s 6500 Catalyst series of switches. He was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He has also published multiple research papers in the field of DDoS, ARP Spoofing Detection, and Anomaly-based Intrusion Detection Systems. In 2021, he was awarded an honorary title of Regional Director of Cybersecurity by Microsoft for a period of three years, and in 2024 he joined the BlackHat Arsenal Review Board.

SINGAPORE, Aug 6, 2024 – SquareX Founder, Vivek Ramachandran, cybersecurity veteran with over 20 years of experience and founder/ex-CEO of Pentester Academy (acquired by INE), together with the security research team, will be delivering their latest findings in an upcoming main stage talk, titled Breaking Secure Web Gateways (SWG) for Fun and Profit! at DEF CON 32’ on Friday, August 9, 2024 at 5pm PT.

The talk will unveil ‘Last Mile Reassembly Attacks’, a new class of attacks that completely evade Secure Web Gateways (SWGs), a crucial component of modern Secure Access Service Edge (SASE) and Security Service Edge (SSE) solutions.

The web browser is the most used application within the enterprise but also the least protected. Bad actors are now increasingly targeting the weakest link: employees and consultants.

Unfortunately, most of these attacks happen online when the employee or consultant is going about his daily work. Existing security solutions like SWGs as part of SASE/SSE solutions are unable to protect users against modern web threats that happen on the client side. This makes it currently impossible for enterprise security teams to detect, mitigate and threat hunt these attacks.

Vivek Ramachandran and the SquareX team have conceptualized and identified a new class of attacks against SWG and cloud-based intercepting proxies, converting traditional attacks like malware downloads and malicious websites into something undetectable by all existing vendors in the Gartner Magic Quadrant.

This class of attack is called “Last Mile Reassembly Attacks”. The vulnerabilities the team discovered are architectural and vendor-agnostic, meaning there is no specific way to fix them.

These attacks will have a massive impact on SASE, as it is a $40 billion market, and every large security vendor has an SWG product vulnerable to this new class of attacks. This is an industry-first research highlighting attacks that we suspect may have been circulating in the wild for some time. As these client-side attacks are fundamentally different in nature to the attacks that SWGs typically detect, they have remained unnoticed. Upon revealing these attacks and the release of the accompanying toolkit, enterprise vendors can assess their security posture and build countermeasures.

During the main stage talk, Vivek will shed light on this Last Mile Reassembly Attacks” – where a file download, upload or site rendering never actually happens on the server side. Instead, the attack is assembled directly in the user’s browser using various techniques, which will be explained in detail during the talk. This way, malicious files can evade triggering SWGs, leaving many enterprises across the globe vulnerable to being attacked.

Researchers at SquareX will also demonstrate over 25 plus bypass methods, including chunking attacks, WASM payloads, and others.

“The research team and I are excited to be presenting the talk at DEF CON 32. This talk will challenge SASE, SSE vendors in the current space. We hope that vendors will rethink their reliance on cloud-based web attack detection models and understand the need for a client-side (either endpoint or browser-bjhased) security agent and browser-hardening to work in tandem with the SWG for accurate detection-mitigation of attacks,” says Vivek Ramachandran, Founder & CEO of SquareX.

Web attacks have far advanced and evolved in today’s world and if enterprises do not change the way they protect their users, they will essentially be vulnerable to these web threats and attacks. SquareX is dedicated to enhancing online security for enterprises. By bringing these vulnerabilities to light and advocating for a more comprehensive approach to browser security, the team’s research serves as a critical alert to the cybersecurity community.

The revealing of “Last Mile Reassembly Attacks” and the release of the accompanying toolkit are poised to challenge the way enterprise security teams think and will prompt enterprises to reassess their methods for protecting employees from browser-based attacks.

About SquareX:
SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real time. With our innovative browser-native security product, SquareX safeguards enterprise users from a spectrum of web-based threats, encompassing malicious files, websites, scripts, and compromised networks.

About Vivek Ramachandran:
Vivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. Before that, Vivek’s company built an 802.11ac monitoring product sold exclusively to defense agencies.

Vivek discovered the Caffe Latte attack, broke WEP Cloaking, conceptualized enterprise Wi-Fi Backdoors, and created Chellam (Wi-Fi Firewall), WiMonitor Enterprise (802.11ac monitoring), Chigula (Wi-Fi traffic analysis via SQL), Deceptacon (IoT Honeypots), among others. He is the author of multiple five-star-rated books in offensive cybersecurity, which have sold thousands of copies worldwide and have been translated into multiple languages.

He has been a speaker/trainer at top security conferences such as Blackhat USA, Europe and Abu Dhabi, DEFCON, Nullcon, Brucon, HITB, Hacktivity, and others. Vivek’s work in cybersecurity has been covered in Forbes, TechCrunch, and other popular media outlets.

In a past life, he was one of the programmers of the 802.1x protocol and Port Security in Cisco’s 6500 Catalyst series of switches. He was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He has also published multiple research papers in the field of DDoS, ARP Spoofing Detection, and Anomaly-based Intrusion Detection Systems. In 2021, he was awarded an honorary title of Regional Director of Cybersecurity by Microsoft for a period of three years, and in 2024 he joined the BlackHat Arsenal Review Board.

SquareX, a browser-security start-up led by serial cybersecurity entrepreneur Vivek Ramachandran, today unveiled the results of its recent study, revealing a concerning reality about major email providers’ inadequacies in safeguarding users against malicious document-based threats.

The study, conducted by SquareX’s research and development team, involved analysing 100 malicious document samples, which were segmented into four distinct categories:

  1. Original malicious document samples from MalwareBazaar
  2. Slightly altered malicious document samples from MalwareBazaar, such as changes in metadata and file formats
  3. Malicious document samples modified using attack tools that have existed for many years
  4. Basic Macro-enabled documents that execute programs on user devices.

These samples were sent via a third-party email provider, ProtonMail, to several major email providers, including industry giants such as Gmail, Outlook, Yahoo, AOL, and Apple iCloud Mail. The study revealed that while email providers like Gmail and Outlook demonstrated basic detection capabilities in identifying unmodified malicious document samples, they faltered in detecting modified malicious documents manipulated with readily accessible attack tools – exposing a glaring cybersecurity loophole that poses a potential threat to millions of users around the world.

Given the prevailing reliance on email services as secure communication channels, these findings raise important questions about the effectiveness of relying on existing email security measures and the false sense of security they may instil in millions of users and enterprises worldwide. While cyber threats are becoming increasingly sophisticated, email providers appear ill-prepared to detect and intercept these emerging threats, consequently leaving users to potential exploitation.

“The inadvertent discovery of this significant lapse in email security during our product enhancement process was startling, especially in India where most people use these services both for personal and professional work and rely on them for security,” shared Vivek Ramachandran, the founder and CEO of SquareX. “Our intention in making these findings public is to ignite a dialogue on the urgent need for reinforced security measures and encourage email providers to either elevate their security protocols or transparently acknowledge their current limitations,” added Vivek.

To bridge this security gap, SquareX has introduced an advanced in-browser malicious document scanning feature as a part of its browser extension, currently in beta. This move not only speaks of the company’s commitment to making the web a safer place but also invites other companies to join forces in securing the web activities of users and enterprises from cyber-attacks.

About SquareX:

SquareX is a browser-security start-up founded by the seasoned cybersecurity expert and serial entrepreneur, Vivek Ramachandran. At the core of SquareX’s mission is the commitment to empower users and enterprises with the confidence to navigate the online world without fear. With its innovative browser-native security solutions and unique isolation technology, SquareX aims to safeguard both individuals and enterprises from a spectrum of browser-based threats, encompassing malicious files, websites, scripts, and compromised networks.

Available on the Chrome and Edge stores, the SquareX browser extension has not only been awarded as “featured extension” by Chrome store but has also earned over 100,000 users globally in less than a year.