An Analysis and Live Demonstration of the Emerging Attack Vector of Malicious Extensions

Webinar Registration

Threat actors are always looking for ways to carry out their malicious intent but do so in a way that evades detection. The attack vector of using malicious web browser extensions potentially provides cybercriminals with access to browser passwords, personal data through victim’s continual access to sites like LinkedIn or Facebook. It also may go completely undetected by endpoint protection solutions and the user alike through sideloading methods that install extensions silently.

The use of malicious extensions is showing a steep increase in volume and sophistication. And yet, unlike traditional malware or exploits, it’s not yet well understood or focused on by cybersecurity professionals.

In this Real Training for Free session, we’ll take a look at the threat of malicious extensions, how they’re used, and what they’re capable of. Up first, 4-time Microsoft MVP Nick Cavalancia takes my seat as he outlines the reality of the threat of malicious extensions, provides some real-world examples of attack groups using this vector, and maps it to the MITRE ATT&CK Framework.

Next, you’ll hear from Or Eshed, Co-Founder & CEO at LayerX Security. Or will explain in detail how adversaries create and pick their malicious extensions, and will cover:

How legitimate browser permissions that are present in many legitimate extensions can become a lethal weapon that can access and exfiltrate data.
The different delivery methods of such extensions, exploring various sideload techniques that enable attackers to silently install it on a user’s machine without the user’s awareness or consent.
An analysis and demonstration of the techniques malicious authors use to exfiltrate the user data an extension harvests and evade detection of existing network security controls.
Why neither endpoint protection nor firewall\proxy can successfully confront this rapidly emerging threat.

Or will also present LayerX’s secure browser extension and demonstrate how it can detect and disable malicious extensions with real time monitoring, risk analysis, and active enforcement of every action that takes place within the browser.

Please join us for this practical and educational real training for free session.

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Job Title:	Required
Organization:	Required
Country:	Required
State:	Required
Company Size:	RequiredRequired
Industry:	RequiredRequired
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.