AI, Social Engineering, And The New Browser Attack Surface
The Business of Cybersecurity
March 18, 2026
26
00:30:52 | 28.26 MB

What if the biggest blind spot in cybersecurity today is the place where most work actually happens, the browser?

In this episode of the Business of Cybersecurity podcast, I sat down with Adam Bateman, co-founder and CEO of Push Security, to explore a growing shift in how modern attacks are carried out and why traditional defenses are increasingly struggling to keep up. Adam brings a rare perspective to the conversation, having spent years in offensive security and red team operations simulating real-world attacks against major enterprises before founding Push Security.

One of the central ideas we unpacked is the claim that the browser has quietly become the new endpoint. As organizations move more work into cloud applications and SaaS platforms, the connection between users and company systems increasingly runs through the browser rather than traditional networks or local applications. The problem is that most security tools still focus on endpoints, networks, and email. That leaves what Adam describes as a “missing middle,” the space between a user logging in and the moment a breach is discovered.

We also discuss how phishing attacks have evolved beyond the inbox. Push has observed that as much as thirty-four percent of the malicious phishing attempts they detect now originate outside email, appearing instead through platforms like LinkedIn messages, Google search results, or other online channels. These platform-native attacks bypass traditional email gateways entirely, often targeting senior executives and employees with privileged access to business systems.

Adam also shares insights from a recent campaign his team uncovered called ConsentFix, an attack technique that combines browser manipulation with OAuth consent abuse. Instead of exploiting software vulnerabilities or deploying malware, these attacks manipulate trusted workflows inside cloud platforms and identity systems. The result is a compromise that can occur entirely within a browser session, often without triggering traditional security alerts.

Throughout our conversation, we explore why these browser-native threats are growing, how attackers are using AI to scale social engineering campaigns, and why visibility into browser activity may become one of the most important capabilities for modern security teams. Adam also explains how Push Security approaches this challenge by bringing real-time detection and response directly into the browser environment, where work and attacks increasingly collide.

If cybersecurity teams are still focused only on networks, endpoints, and email, they may be missing the layer where attackers now spend most of their time. As work moves deeper into cloud platforms and SaaS tools, could the browser become the next frontline in enterprise defense?

[00:00:06] Have you ever noticed how phishing has quietly moved beyond the inbox? There's been a whole spate of LinkedIn phishing attempts and attacks recently that set off my tech spidey sensors. And it got me thinking how for years we've trained employees to watch out for suspicious emails, strange attachments, don't click on that dodgy link. But attackers have adapted. Increasingly, they're now meeting people where they already spend their working day.

[00:00:35] Yeah, I'm talking about inside the browser and inside platforms like LinkedIn, Google Search and collaboration tools. And today's guest has spent most of his career studying how these attackers actually operate. His name is Adam Bateman. He's the co-founder and CEO of Push Security. And before building the company, he spent nearly two decades running high-end adversary simulations for major global organizations.

[00:01:03] And his job was to act like a real attacker, break into large enterprises and show security teams exactly how those breaches happen. And those experiences revealed a pattern that many companies still overlook. And that is the place where employees now work, which is usually the browser, is often the very same place that attackers are launching their campaigns. Messages might arrive through LinkedIn.

[00:01:31] Users interact with cloud apps through browser sessions. And authentication flows happen inside many, many different web pages. And yet, those traditional security tools that many enterprises still rely on, well, they're still focusing on endpoints, networks and email. So today, I want to talk about the growing wave of browser-based attacks. Why LinkedIn phishing is becoming so effective.

[00:01:58] And how techniques like ConsentFix are exploiting legitimate identity workflows rather than relying on traditional malware. So if you still think phishing is just an email problem, I'm hoping today's episode will change how you look at your own security posture. But let's get into it. What happens when attackers move their operations directly into the browser? Where your work is taking place?

[00:02:26] Let me bring Adam onto the podcast right now. So thank you for joining me on the podcast today. Can you tell everyone listening a little about who you are and what you do? Thanks for having me on. Yeah, happy to. My name is Adam Bateman. I'm co-founder and CEO of cybersecurity company Push Security. I come from a red team background. So we actually did a lot of very high-end offensive security assessments.

[00:02:55] And there's lots of different security we did, but what we became really well known for in the industry was really doing very high-end adversary simulations. So we'd have lots of Fortune and FTSE 100 companies, like big banks and other financial institutions. And they would kind of ask us to simulate an attack from a big nation-state adversary like Russia or something to actually like a fire drill so they could understand what that felt like. And then we would achieve the objective. We'd feed that back to people.

[00:03:24] And we'd sort of help them use that to improve the security. So, yeah, did that for about 20 years, security for a long time, and it led me to founding Push Security to help take the fight to attackers. Well, I'm glad you've joined me on the podcast today. So much I want to talk with you about. I recently had an email appear in my inbox from someone offered me a perfect job role from LinkedIn. It wasn't until I did a bit of due diligence and went from my email to LinkedIn and looked up the person,

[00:03:54] and this person was saying there was somebody out there pretending to be her offering everyone job roles. And this woke me up to so many different LinkedIn phishing attacks that we're seeing at the moment. And I know this is a subject close to your heart. So how do these LinkedIn attacks differ from traditional phishing, from what you've been seeing? Yeah, I mean, phishing is just one of those industry problems that just does not want to go away.

[00:04:22] And I don't think we've ever really managed to solve the problem as an industry. And we started to, I mean, it's a classic thing, right? Every time you start to get grips with it, the attackers feel the friction of doing those attacks, and then they start to evolve elsewhere. So for a very long time, people very, very much associated phishing with email because that was the primary resource. And that's still true. You wouldn't want to drop your guard on email security.

[00:04:47] But because it got so good, it's now high friction and attacks getting blocked a lot more. Attackers have to work out harder. And they're just like anyone else, really. They look for ROI when it comes to executing attacks. So they want the quickest route in before they try to achieve the objective. So as it gets harder, they look elsewhere. So what we've seen increasingly is, as you said, phishing attacks becoming what we call omni-channel, which is that they're going out across other channels that are outside to avoid email.

[00:05:17] LinkedIn is a classic place, particularly if you take control of someone's LinkedIn profile. You can then use that profile to start targeting people who are connected to that profile. So the victims then will receive a message on LinkedIn Messenger from someone that they seemingly know, which increases trust. And obviously, at that point, if you drop the phishing link to them, you can click on the link and it can lure them into doing something like giving their credentials away, for example.

[00:05:46] And the thing that's interesting about this is really simple as a delivery mechanism, but it just tends to be completely outside of any corporate security controls, right? Because there's no email being sent. Quite often, you're blurring the boundary between a personal and a business, the personal business world, because you're luring people out onto their personal LinkedIn account and tricking them to enter corporate credentials in. So that's kind of how the method works in general.

[00:06:14] Of course, it executes inside the browser, which is why we're able to see those sorts of attacks and actually prevent them. And there was a big stat attached to these. I think it was something like as much as 34% of malicious phishing attempts that Push has detected recently now originate outside of email via LinkedIn, Google search and other delivery mechanisms. But why are attacks like these on LinkedIn? Why are they such a higher risk, do you think?

[00:06:42] Mainly because of the fact that I have lack of control, I would say. Because if you think about how email security phishing works, you're looking for something suspicious in that email. And LLMs, Gen AI have made that a lot more effective. So you can actually quarantine the email before a user clicks it, which is very, very effective. The problem when sending something via LinkedIn Messenger is it just doesn't go through that. And there's just no defense there, really.

[00:07:12] So obviously what we're doing at Push Security and why we have visibility into these is we're building security directly into the browser through a very lightweight browser extension. And what that means is we can actually see the phishing link happening on the page. We can actually see when a user clicks and it gets taken away to something suspicious and actually look at the web page itself. But this category of us doing things inside the browser is quite new. It's not something that attackers are yet aware of.

[00:07:38] So I think, yeah, really it's just a lot of friction inside the traditional means. And you're seeing people start to go out to other channels. LinkedIn Messenger is a big one, but you also see WhatsApp, SMS. As you said, Google search as well is another big one. So we're just seeing the number of attacks on those other channels really rising because of the lower barrier to entry in terms of actually successful attacks.

[00:08:03] And one of the interesting things, of course, is that it makes it easier to target senior business users who have that privileged access to a wide range of business apps. Is that why we're seeing more attacks like this? Or is it a number of reasons why we're seeing so many attacks? I'd say that's another reason. I mean, it's because of the fact that it's coming from seemingly a profile that you know and you can actually see a person behind it, especially if the profile has been well built.

[00:08:32] It does hold a higher level of trust. You know, if you get an email through that's sort of not particularly well written and you don't recognize the person or anything else, you can just be a bit more suspicious. But there's something about it when there's a real social profile behind it you can look at that can happen. I think another reason is, as we said before, LLMs and GenAI have got very good at actually sounding incredibly human.

[00:08:59] And so you can now start to do these sorts of attacks at much more scale. So rather than you having to manually go and send messages out to various people, you can now automate a lot of that with GenAI and actually have an entire discussion with someone to build trust over a period of time and then drop a link to them on LinkedIn as well. So, yeah, so I think this is the good and the bad of the GenAI side. It's brought massive productivity gains and really changed the world for a lot of us.

[00:09:27] But obviously also for attackers. And I think one of the interesting things here is the browser is the new endpoint. Work and applications are very often in browsers. So attacks are happening in the same place. Makes perfect sense in the browser. And mail security doesn't see LinkedIn DMs, as you said there. Any other reasons why traditional tools that enterprises have in place that have got that false sense of security that they are protected?

[00:09:56] Any other reasons these tools are not picking up this new attack vector? Well, I think the reason people say browser is the new endpoint is really because the traditional network that you were defending was your laptop with native desktop applications running on those. And they're communicating internally to servers right across the network.

[00:10:22] So you really have a laptop and a server that's bound together by ports and protocols. As everyone has started to shift more and more and more to the cloud and to SaaS, it's now changed. And the link is actually between the browser and that cloud infrastructure is bound together by identity or different user accounts. So there's been an architectural shift in the way that companies look and how they sort of operate in that sense.

[00:10:50] And so if you were on a traditional endpoint and you were kind of using like an antivirus or an EDR agent or something that's running on the device itself, you're technically in a position to be able to see phishing attacks across all channels, like across LinkedIn and everywhere else. But the problem is, is that you can't really easily see inside the browser, right?

[00:11:15] It's an encrypted tunnel going from the browser out to that cloud infrastructure or out to that social media platform, wherever it may be. So there are ways to use an endpoint agent to sort of inject in and break the TLS stream and see inside it. But it really breaks a lot of good security standards, causes problems around certificate pinning, everything else. So in a legitimate sense of the way everything was designed, it's not possible for those agents to see inside the browser because it's all encrypted tunnel.

[00:11:43] And so that's the thing that makes it kind of difficult. Now, what you can do is use the agent to look at a DNS request and say, oh, the user's trying to visit this URL and that URL is known to be bad. And so I'll block access to that. But we see a lot of these phishing attacks now are very one-time use. So it will hit a victim and then it will shut down and it will come up a new URL. So it has very limited value in this with these new attack scenarios.

[00:12:10] So by actually moving inside the browser, you actually have that full context. You can see the full page. You can see the DOM. You can see users entering information into this and say, look, this user's trying to type a password that's usually meant for legitimate corporate system over here into this other unknown site where it's never been done before. We need to stop that from happening. And that extra level of context and visibility is just much, much more powerful against a lot of these modern attacks.

[00:12:36] And at Push, you recently identified a campaign you called ConsentFix, which was inspired by ClickFix-style techniques. But for anyone listening, hearing about these words for the first time, just tell me a little bit more about that and how they're different from traditional phishing and also why businesses and people listening should care about them. Yeah, that was a really interesting attack. We published a lot of research like this. And I think there's two reasons.

[00:13:04] One is because of our, you know, as I mentioned before, we have a red team background. We're very research oriented. We're very used to being in the sort of cutting edge and looking for emerging techniques. So partially because of our research DNA, but partially because of the unique position we have inside the browser. We're seeing things others aren't. And the ConsentFix was a particularly interesting one. We actually coined the term ConsentFix because it hadn't been seen before. And the reason for that is because it's kind of a mashup between two other techniques that are much better known.

[00:13:34] So ClickFix is effectively where you trick the user into running commands on your window or on your laptop of some kind, like Windows or Mac. And so typically what that would look like is the user is served a page. They're lured to that page through multiple ways. It could be LinkedIn. It could be a Google search. But once they land on the page, what it's actually doing is saying, oh, hey, in order for you to continue, please verify you're human. Like using a kind of reCAPTCHA.

[00:14:02] But instead of you solving a puzzle or you, you know, doing something like, you know, clicking a checkbox to say that you're human. Instead, what it's actually asking you to do is to run some commands. And so I'm using those commands combinations. It actually executes a command on your laptop and that downloads and affects your mouse.

[00:14:27] So that's been a prolific ClickFix has been a really big, you know, we've seen a huge surge in that and it's highly successful. So that's one attack. The other attack then is consent phishing. And so the idea of that is that if you're in a position now where people have MFA enabled, you're starting to see people use passkeys and everything else. Attackers now need to adapt and find a way around this.

[00:14:51] And so instead of they can't access your account because it has a strong form of MFA on it, what they do instead is trick you to install an app inside your Microsoft tenant. So they send you a link. It pops up and says, hey, you know, you need to press accept and installs an OAuth app inside Microsoft 365. And that app can then exfiltrate all their emails and do whatever they want to do. That's the attack that was used actually against Salesforce recently and a number of other campaigns.

[00:15:19] So anyway, those two things together were separate. What we saw with this particular attack called ConsentFix was it was kind of both of those things combined. So we confirmed that this was an attack group known as Midnight Blizzard, which is associated with Russian nation state. We had that fairly reliably attributed by some, you know, some well-known companies.

[00:15:41] And what the attacker actually did was they first backdoored a lot of legitimate websites that are on the Internet. And then they implanted a bit of JavaScript onto those websites. What that meant was the victims then did an organic, legitimate Google search, just a normal Google search like you do every single day. And when you click on one of the blue links to the pages, it would take you to one of these infected pages. Very difficult to detect.

[00:16:10] This is then what they call a watering hole attack. So, you know, you're unknowingly just visiting a site as you would normally. And it pops up with one of these CAPTCHA events and says, hey, you need to verify that you are human. But the difference here was that instead of tricking the user to running commands on your operating system, which you would have the opportunity to detect via endpoint agents and EDR, what it would do instead is trick you to run a certain number of commands that actually took full control of Azure.

[00:16:39] So, i.e. your cloud infrastructure. And it was a really novel, interesting attack. Quite basic when you look at it as a step. You think, are you sure this is going to work? I don't think I would fall for this. But people were en masse. And it resulted in a full compromise of M365. But the thing that was fascinating about it really is that it was 100% browser native, right? Because of the fact that you're tricking a user to run certain commands inside the browser, which results in compromising Microsoft 365, there's never that command being run on the operating system.

[00:17:08] And it stays 100% inside the browser. So there is actually no way that you would be able to detect and see that attack from happening any other way other than you being in the browser. And for people listening, hearing about ClickFix and consent phishing for the first time, probably set off a few alarm bells and light bulb moments there. What should they be thinking about when it comes to browser-based social engineering attacks and how they can better protect themselves and indeed their workforce?

[00:17:38] What should they be thinking here? I think the first thing is just being really aware that these sorts of attacks are happening. At a macro level, it's no different from really ever before. I mean, if you're in a situation where you leave your front door open, the attacker can just walk straight through it. You start closing the front door. They start going to the side and back door. That's just what happens. And it constantly evolves.

[00:18:03] So I think in this sense that we had a situation for quite a long time, 20 years ago when I first got into the industry, there was none of this even endpoint attacks. It was all just internet-facing infrastructure. Attackers would sit at home and they'd scan whatever it was internet-facing and break through your DMZ and into the internal network. That was the world, right? No one really even talks about that stuff anymore. It's kind of just table stakes. But as that got harder and harder, the attackers felt the friction.

[00:18:33] And so what happened is they started hopping over the wall and going straight down to the endpoint. And then that's the kind of world that we're all baked into at the moment. The thing is, that's been happening for a decade or more now. And you have to remember that all these security controls have got way more advanced and much more mature over time. So users are seeing the attackers are feeling the friction again. So they're just shifting into the lower friction area.

[00:19:00] So being inside the browser makes sense because there's no security there really. It's much more limited. And it allows you access to where the data actually now resides, which is in cloud and SaaS. So just knowing that that's happening is a very important part. The big attacks, I'd say, that are coming around are, number one, phishing that we've spoken about. Well, that's similar, but just through other vectors and more legitimate techniques. The other one is malicious browser extensions.

[00:19:26] So we see attackers tricking users into installing malicious Chrome or Edge extension or compromising one that's already used by millions of users and using that to get inside someone's browser. And then the other thing is just all these user accounts that are being created across the Internet on your ChatGPTs and your Dropboxes and all these other things. Attackers can just go after those and just do password guessing attempts and everything else to get in. So I'd say that the attacks are similar to where they are. They just moved into this other vector.

[00:19:56] And before you join me on the podcast today, I was doing a little research on you guys. And I was reading how Push is bringing real-time detection and response to where work and attacks actually happen inside the browser. So tell me more about that. And how is it different from other approaches that listeners might be aware of? What do you guys do differently? Yeah, the best way to think about, I mean, we're in the browser security space. And I mean, firstly, we got into this space.

[00:20:23] I didn't just inherit the company and then go, oh, what's the best way to sort of position this? It came from the fact we were red teamers. And we thought about how we would target networks. And we felt the friction hitting network. And so over time, as people started becoming more cloud-orientated, we thought to ourselves, well, how would we attack this type of company? Okay, this is a big gap. This is something we need to solve. So we've just been evolving and looking into this all the time and coming up with the best ways to help people defend against these problems.

[00:20:51] And defend people from us and what we would do. So what we arrived at as the best solution is a very, very lightweight browser extension that you deploy out via something like MDM. A couple of clicks, it ends up in every user's browser very, very quickly. We felt like this was best because you are seeing some people building enterprise browsers that are entire browsers, which is really powerful. But it's a lot of change control there, right? You've culturally got to get the entire company to adopt a whole new browser.

[00:21:21] You've got AI browsers coming in now that increase productivity. It's quite hard to unify everybody on that single browser. So browser extension make the most sense to us. And once you've installed it, that's it. It powers the browser up. Two broad things. It blocks attacks directly. So if it finds a malicious extension, it takes it out. If it sees a phishing link or users doing something they shouldn't, it stops it from happening. We can see all the user accounts that are being created. And if there's one that's vulnerable, it fixes it or gets the user to fix it in that way.

[00:21:51] So blocking first is very much a paradigm that we adopt to try and take as much work away from people as possible. But we also just on top of that extract incredible amounts of telemetry that get fed back into a SIEM or a SOAR, just like EDR does. So you can actually see everything that's happening, a full timeline leading up to the event and that kind of stuff. So, yeah, really nothing else that sort of compares with this. This is a big shift and it's giving visibility where people haven't had it before.

[00:22:20] We've spoken today around enterprises. They need to be gaining visibility into browser activity and extensions. Get used to monitoring session behavior, not just credentials. But where do you see the broader cybersecurity shift happening? This space is moving so quickly at the moment. Anything else you're seeing out there that raises any alarms or anything that people listening should be keeping a listen out for, a lookout for?

[00:22:45] Yeah, I mean, I think the big thing is you can't go through a podcast or any conversation without mentioning AI and how it's affecting things. So I should address that. But I think that's the thing is that there's a big unknown about how some of these attacks begin to play out. Right. And I think the obvious thing is it allows all this stuff to happen at much greater scale and a lot quicker.

[00:23:09] So one of the things that we're seeing, for example, is that, you know, in the past, phishing sites would be fairly basic or kind of not very well built because there's a lot of work that goes into them. But now you can just point an application at OpenAI's website or Dropbox or whoever's website you want and just say, make a clone of this. And it just goes boom, spins up the phishing site very, very quickly, you know, vibe coded and looks really legitimate and everything else.

[00:23:38] So I think the sophistication, the speed of these are opening up quite a lot. And that's affecting every area, not just the area we're talking about. You're seeing people writing malware quicker and everything else as well. But the other side of it really is like how people are going to weaponize AI rather than just using it to improve what they're doing already.

[00:23:57] And we've seen things like, you know, done experiments where it's quite difficult, actually, to, you know, if you're talking about thousands of SaaS applications online and you steal someone's credentials through phishing, to actually try that on across all those different applications in one go is actually quite tricky to do with a script because of bot protection and because every single application is kind of quite unique.

[00:24:22] Whereas with GenAI, it's actually possible to have it drive the browser and navigate the page and LinkedIn and try those different things in one go. Right. So I think it's kind of interesting as agents start coming up and agents doing attacks, what does that allow them to reach? And what will that kind of create over time and how we adapt to those is something that we should all be thinking about in the industry. Something I always try and ask my guests, especially yourself here in the middle of cybersecurity,

[00:24:50] and you must spend a lot of time researching and reading various material online, whether it be on LinkedIn or professional publications, tech publications. Are there any myths and misconceptions that you repeatedly read out there, whether it be about securing the endpoint, securing the browser or AI and cybersecurity? Are there any themes or anything that you repeatedly say that we can just lay to rest today once and for all? Anything frustrate you? Any myths or misconceptions there?

[00:25:20] I think in my... I mean, I'm thinking about it. I'm obviously quite immersed in the browser world, so I'm obviously thinking it through that lens. But I think the big thing is people saying... I hear a lot of people saying the browser's going to go away. And I sort of do get that conceptually, because as we're moving more into an agentic world, more and more agents running and sort of stopping users needing to do the interactions. Like, I can kind of see that.

[00:25:46] But it's a little bit like saying, you know, networks or endpoints are going to go away when we move to cloud. Like, it takes a long time for that shift to happen. And actually, generally speaking, most of the security issues are in the era before. Like, the big thing people are still suffering with massive vulnerabilities running across all their operating systems and everything else, even though we've moved to the cloud and the technique that could happen is always that support.

[00:26:10] So I think that at the moment, the use of agents is incredibly exciting, but they will exist at every layer of the stack, right? They're going to exist locally on your operating system, where you can do things there, like running commands and things that couldn't be done anywhere else. They'll run inside the browser, as we've already seen with the comets and everything else. And they'll be hosted on cloud and doing things at that level as well. And so I think that all of these different areas of a stack are going to remain...

[00:26:39] We won't necessarily get replaced with those in those ways. But yeah, we're going to end up having lots of agents running in different areas and trying to understand what those look like. And for anybody listening that would like to dig a little bit deeper in the report we referenced, hear more about the work you're doing, or just find out more about some of the announcements that will be coming out later this year. Anywhere in particular you'd like me to point everyone listening today?

[00:27:07] I mean, to stay up to date with research, I mean, we post everything on social media on X. You can just follow us at PushSecurity. But going to our website, pushsecurity.com, we have a blog on there with all this information that you can see. So yeah, I think I'd say either follow us on social media or check out our website. We're obviously publishing a lot of the stuff all the time. And feel free to reach out to me if you're interested in any of this. I'm happy to jump on a call. It's a fascinating area.

[00:27:35] So many attacks that we see, like the ConsentFix one, which is just super interesting, unique and different. But obviously, you don't have time to cover them all. Yeah, 100% with you. As you said, the browser is the new endpoint. That's where work and attacks now happen. But there is a missing middle in detection. Detection visibility between malicious activity and impact when relying on some of those traditional monitoring tools out there. And I love what you're doing.

[00:28:04] So just a big thank you to sharing with me what Push brings in real-time detection and response in the browser. I'll add links to everything you mentioned, including the report we referenced, our social channels and everything in between. I'd urge everyone listening to check those out. There'll also be a blog post associated with this episode at techtalksnetwork.com, where you can leave me an audio message or send me a DM there as well. Love to hear people's thoughts on this. But just a big thank you for bringing all this to life today.

[00:28:33] I think we'll be hearing from a lot of people. But thank you so much. Thanks for having me on. Enjoyed the chat. Thanks. I think one of the many things that stood out in our conversation today is just how familiar this pattern feels. Security improves one area. Attackers feel the friction. And then they shift somewhere else. And for years, organizations have invested heavily in securing email, endpoints and networks. And those defenses matter. And they've made a difference. No doubt.

[00:29:02] But as Adam explained, many attackers are now focusing their attention on the browser. Because that is where identities, cloud apps and user interactions meet. So it was great hearing more about how techniques like ConsentFix demonstrate a broader shift rather than exploiting technical vulnerabilities. And how attackers are increasingly manipulating legitimate workflows.

[00:29:26] And that gap between login and breach that Adam described today, I think that feels like the missing middle in detection. So from my point of view, the takeaway was simple but uncomfortable. If the browser is where the work is happening, then it also needs to be treated as a security control point. And if you want to explore more of the research that Adam mentioned, including the work that Push Security has been doing around browser-based attacks, you'll find that at pushsecurity.com.

[00:29:55] I'll also include links in the show notes and the blog post associated with this episode at techtalksnetwork.com. And as always, I'd love to hear your thoughts. While you're over at my site, let me know. Are you or your organisation paying enough attention to what is happening inside the browser for every employee every day? Or are you still defending yesterday's attack surface and what needs to change? techtalksnetwork.com.

[00:30:24] Send me an audio message, a DM, whatever it is. I'd love to hear from you. But that's it for now. I'll be back again soon with another guest. But thank you for listening today. And stay safe, everyone. Bye.