In early September, Palo Alto Networks publicly acknowledged that Secure Web Gateways (SWGs) are architecturally unable to defend against Last Mile Reassembly attacks. SquareX first discovered and disclosed Last Mile Reassembly attacks at DEF CON 32 last year, warning the security community of 20+ attacks that allow attackers to bypass all major SASE/SSE solutions to smuggle and reassemble malicious sites, scripts and files in the browser.
Despite numerous responsible disclosure efforts, most major vendors maintained complete ignorance, offering no customer warnings about these critical exposures for over a year. However, as attackers increasingly weaponize Last Mile Reassembly techniques to target enterprises, SASE/SSE vendors are finally acknowledging that traditional proxy-based defenses fall short when it comes to browser-native threats. In the same press release, the industry giant also recognized that “the browser is becoming the new operating system for the enterprise, the primary interface for AI and cloud applications” and that “securing it is not optional”.
This article recaps Last Mile Reassembly attacks, their impact on organizations, and 5 questions you should ask your SASE/SSE vendor.

What are Last Mile Reassembly Attacks?
Last Mile Reassembly attacks use various methods to smuggle site source code, malicious scripts and files past the gateway, then reconstruct them as functional malicious scripts, phishing sites and malware in the victim’s browser. These techniques exploit architectural limitations of SWGs, leading to a complete bypass. The techniques include:
Smuggling Malicious Sites with Canvas Engine
Instead of full blown malicious sites, attackers can deliver a strea
[…]