BSidesSF 2026 - Breaking Endpoint Anti-Ransomware: Going... (Nishant Sharma, Vivek Ramachandran)

Welcome everyone to the next to last presentation at least in theater 7 for uh besides 2026. Hope everyone has had a great time so far. We have Nishant Sharma talking to us today about breaking endpoint anti-ransomware going browser native. >> Thank you. Uh good afternoon everybody. Thank you for coming to our talk. So as you can tell from the title the talk of the title is breaking endear ant ransomware and going browser native. Uh so before we start just to give you a quick idea of what exactly we are talking about we are trying to see what are the techniques which we can use to make a ransomware go browser native which means it is not going to touch any

of your endpoints and uh hence bypassing all the defenses that you have on the endpoints for all of your traditional ransomares. So with that let's start. My name is Nishant. Currently I'm with Rescaler. I'm a director of threat research there. Before this we were running a company which was focused in browser security called Square X. Just got acquired when we submitted this uh slides and this presentation here. At that time we were part of Square X but now with Zcaler uh been in this field for 10 plus years. Uh was in cyber security education for some time and have done presentations uh in multiple venues. So yeah that's about it. Uh so yeah u as part of uh you know our

research uh we came across multiple threat vectors 100 plus of threat vectors that actually affects your browser u so including that so so you know when you talk about browser security and when you talk about browsers as whole you'll see that 80% of your threats are actually entering from the browser side and now in addition to that because you are you know moving into the browser your identity lives there your files are living in your SAS. All of the traditional uh applications that you are using on your machine on your endpoint has now moved to cloud. They have become SAS. So browser is becoming more and more important in that point of view and uh that is the next

progression of this thing that there are now threats which are completely browser native. So yeah that is the part that we want to highlight. Uh if we talk about ransomware again ransomware are very popular for last 9 years starting from 2017 uh when you had to see the the one cry thing after that there were multiple iterations of this you have multiple variations there were large scale attacks like you know the the colonial pipeline one there were hospitals and all kind of organizations which were hit by ransomware u so a lot of awareness is there around the ransomware but And because it is going on for last 9 to 10 years what what we are seeing is that

they have changed in the way uh you know of their in in the aspects of the impact the way they used to operate. So for example just some trivia uh from 2018 to 2025 we have seen that the average ransom demand has gone from $5,000 to now $1 million. That's one. uh the impact is going high and high and I think because now industry has invested so much in the endpoint anti-ransomware part there are going to be uh other evaluations or evolutions of this attack where they're going to see and look into other factors and other ways that can be leveraged to launch the same kind of attack and that is exactly what we are

going to talk about which we feel can be another vector that we should look for so if you talk about anti-ransomares EDRs means again you are pretty much familiar the way they work the way they are deployed almost every big vendor has you know one anti-ransomware capability that is there that is running on the ADR so from EDR point of view if you have those defenses we feel that you know it should be enough and it should be able to preventive uh preventively uh you know stop these threats. However, if we talk about browsers, right, we are living in the AI era. A lot of AI browsers we talked about last year, you saw that Atlas is now coming

into the play. Your comet is coming into the play. So, a lot of power is also moving into the browser, right? These agents uh which can work on your instructions autonomously. Uh and we did a lot of research on this last year. We published this as well. Uh so in our research we were able to see that uh the initial uh releases of you know your comet and other uh browser use and other agents that were there uh they were also going through that evolution of security right they were maturing so even they were very susceptible to attacks which a normal human user is now immune to. So for example your basic fishing and other

things uh now with time they are getting better and better now they're asking you before they uh do these uh high uh impact uh actions in your uh in your browser but with more and more progress if you think about it what are going to be the next steps right uh we have now from uh from almost each and every big vendor AI vendor if you talk about enthropic if you talk about open AI uh we have some kind of app that is running on your machine. Uh we have a browser that is attaching from their side. Uh so as more and more agents have control on your browser side, it will become uh you

know important that you are also monitoring them in addition to the human user and also protecting them. So yeah the whole thesis was that just like you had your endpoint which was the main thing which where all of your file used to reside your applications were there your outlook was there and uh you know your even passwords were saved there all of that has now moved into your browser and browser has become the center point of this battle and this statement will I feel age very well as we go more into the AI era. So uh just a graph showing you the different vectors and how common the browser attacks are you know going to be

and the main point of highlighting this is there are so many of these vectors which can be then chained or can be used independently to then launch attacks like a ransomware because if you have to break it down into in into you know simple terms what exactly ransomware is doing it comes onto your endpoint it makes sure that you're not able to access your files it is stealing the files as well and then it is asking you for the ransom either to get your files back or to make sure that you're not releasing them in the public. Now if we have to apply the same logic in some other way that can again be a ransomware but yes the

factors will be different the implementation will be different the state of losser attack uh you know if you search about it you'll see that the that the attacks and the vectors and the innovation is actually going up it's a upgoing graph where you'll see that till the time you'll uh actually teach or train your employees about normal fishing attack or you know some some spear fishing you'll then see the QR fishing attacks coming in nextly you'll see the oath consent grant attack that that is something that we'll talk about coming into play so now these attacks have grown way bigger than basic fishing attacks where you used to tell your you know employees or your users that you

should not put your passwords and emails into this. Now we are talking about applications which can steal tokens and then those tokens along with the scopes can be used to do damage and all of that is in the browser it is not hitting any endpoint and that is the point of concern. So the way this uh attack that we're talking about can work is uh you know you have your uh attacker who can use multiple vectors and if you take a look at it you have your ooth attacks you have your uh SSO attacks SL hijacking you have your browser synjacking uh couple of these attacks are known couple of these attacks are novel if you search

for this you'll find it these are some of attacks that we have discussed in last two years and because our focus was completely browser where all of your tokens and all of your access resides. There are multiple ways including the malicious extensions that you install you know from your chrome. Uh that's another factor that is there which is overlooked today. So when we talk about your extensions you currently believe what they say on the store. However, what the research has found and this is something that we have been working for like last two years. Uh most of your extensions 3%.

Okay. Okay. Okay. Yeah. Yeah. Sure. Yep. Can do that. There you go. Yeah. Okay. So, yeah, I was saying that uh even the extensions right you feel that if it is coming from the store, it is going to be safe. However, that is that is not the case. We have seen that 3% of the code is doing what they are claiming to do. And then there is 97% of code that is doing completely different things and these extensions can steal your credentials. These extensions can steal your tokens. They can do all kind of things including tracking, including injection of different frames into the pages that you are watching, ads, affiliate links, all of that can be

done. So there are so many of these factors which can again chain in multiple fashions. However, what is the price here? Price is either the credentials. But then again, you can always say that oh there is you know OTP, there is a 2FA, there is a MFA that can save us. But how about the tokens that you pass to your apps where you delegate your access. So the talk before this talk was actually a very interesting talk where they were talking about you know how the eval the evolution of uh your authentication and SSO and all of that came into play. So we are making it complicated on one hand and easier on other end. However it is

also coming up with its own new security uh you know concerns. So yeah in this case by using multiple of these attacks you can steal the identity or the token of the user and we'll talk about it with the demo you know how exactly you can do it and there are multiple ways of doing it once you have that you can directly uh you know attack the SAS that is there or you can directly attack the files that are stored on your cloud storage uh you know platforms and you can take it away and obviously you can leave a note there and you'll see So when it comes to your traditional ransomware, your EDRs can obviously

protect them different stages uh you know where they can actually uh detect them, they can stop them. However, because in case of your browser native attacks and browser native ransomware, what we are essentially doing is we are moving in the browser itself. So we are doing the identity attack using that we are trying to excfiltrate the data take the data away and uh that way because nothing is looking into in that depth in the browser uh we are able to bypass these defenses again just a comparison there is no visibility and rogue AI agents one of the uh factors so currently when we think about AI agents we're talking about the agents that you have sanctioned however As the

more and more development is going to go, you'll see that uh these uh other plugins that are there, the sidebar based things that are there and even the websites with you know your JavaScript and VM module and other things they'll also try to do some kind of uh you know uh control on some aspects and that will also become a problem for you. Oath attacks are very simple and we'll show you a demonstration of oath attack as well. So oath is something that you use when you are using one kind of authentication or a platform to login into another one. Uh the best example is login with Google. Everybody has done it. Uh so when you do oath at that time

you pass on two things. First is your token. Second is the scope on which the user has access to and combination of this can be misused to then uh you know get access to that resource. Similarly you have your browser in the middle. you have your uh adversary in the middle. You know, same logic. Uh they'll make sure that you're visiting a website, you click a link and then you enter into a full screen mode where you feel that you are typing into your browser but but you're not. You are actually connected to a remote machine controlled by attacker and then you are putting everything there and that way if you are putting in your credentials again the

2FA screen will come you'll again put your 2FA because you feel that you are on your machine and when you're done with your job uh again it will be logged in on attacker's machine and they can obviously take the tokens as well. So that way another way to you know get access to your SAS or your online storage. Similarly, SA SL hijack attacks are not new. Uh people are uh very aware of those. So using all of this, it becomes very very very easy for somebody to attack the data that no one is protecting. And on enterprise side you might have some defenses but when it comes to the personal data that we are storing uh generally nobody actually uh

is that reactive. So just to show you a demo of first one in this case. So it should be big enough for you to see. Yeah. So in this case you have received an email very normal case you know you get all kind of emails here in your inbox. So you click on it you go to a website like this. Again this one is not very realistic but uh if it if somebody is really launching an attack he is going to make sure that what kind of uh you know websites you visit to what kind of services you use and accordingly uh this can be crafted and that is another factor where things like your malicious extensions give uh

the attacker another edge. So these can look into what all you are doing and accordingly it can be curated for you even when you are visiting some site that you know it can be injected into this right. So the first factor how they get you to their website there are multiple ways of doing it. One of the famous attack that happened uh I think two years back where one of the large DLP DLP services provider vendor got hacked uh was also based on this urgency and this fear where they got a mail from you know Chrome store because their extension was on Chrome store and that mail was very simple. it obviously was copying the format that chrome store

uses and uh it was very simple that okay if you don't update this policy or accept these changes uh your extension is going to be impacted so sometimes it is as simple as that it was just before the Christmas so obviously everybody was in a little hurry it can be advanced as well just like I mentioned you are using a color picker extension which is like harmless uh and it was harmless for like 5 years or 6 years and Now last year uh the person who was maintaining it he was not able to monetize it and then he decided it is time to sell and there are multiple marketplaces for extensions out there where you can actually go and you

know buy and purchase these extensions and in like $3,000 you can get extensions which has like 50,000 users and you know the wor best part about these extensions are uh when you upload a new version into the store they automatically update you won't even know the browser will automatically take the new one, install it. Sometimes it requires a browser restart, sometimes it doesn't even requires that. So now you're running a malicious extension which was benign good for last 5 years and now it is looking into everything that you're doing. It is able to inject into the pages that you're opening. It is creating a history of what all you are uh you know watching. uh two weeks back we actually uncovered

60 of these extensions and we have reported those to Chrome which were actually targeting your OTT platforms. So it used to look like that they're helping you navigate these OTD platforms better. But actually they were taking away all of your history and a lot more than that. And once they have that means we are living in the world of AI today. You can put all of this into a chat GPT and it will tell you what is the best way to attack you. And if your chat GP is not letting you do that it's okay means you have your self-hosted models for that. So here so the first point is uh there are so many of these ways to to

get you to this part once you're here now it's a general normal website which has a login with Google so I'm very sure that this is a screen that everybody has seen login with Google very normal screen so whenever you try to login with Google also shows you something like this first time they'll ask you for their consent your consent And then they'll show you this page which a lot of us people we we don't really you know pay heed to this. We just say okay Google is asking something maybe this is required maybe this is legimate and most of the cases it is but that is how you know user trust is uh you know uh is uh used or abused. So

here if you take a look at the permissions if you can uh yes you can I think read compose send and permanently delete all of your email from Gmail that's the official permission that is there and when you register a app so the way this work if you have a website you want to use a login with Google the way it works is you have to create an app in the Google ecosystem in that app you define what is the purpose uh what are permissions that you require and then you integrate it with your website and when the user will come to your website he will click on it login with Google he'll then see something like this so

this is called the oath scope this is the power that you're delegating to this app when you are saying allow in this case and this is persistent so you'll give this permission you have to manually go into your account later and revoke this otherwise this app is going to have this permission ution you know for a for a ongoing basis. So you do that and now you're again redirected to you know some kind of UI so that you don't feel something is off and this can be in any of other forms right it can be a website that is offering you something for free it can be a website that is helping you make a graphics it can be a

website which is offering you say chat GPD usage free right for free right or something else means it is always something which which you really want to get and then oh it is only asking for my Google account or login with Google account. What what bad can happen? It's not asking for my credit card. So you'll see what bad can happen if you don't pay heed to that that message. So now this is the attacker view. So the view you are viewing first was the the victim or the target view. This is the attacker view. In this because we have that app, right? What we have create done just to make it very easy to understand. We have

also created a UI on the attacker site and in the UI because our app has the permission to manage your mail from your Gmail uh we are seeing all the emails that are there and the same logic as you can understand now can be used to automate all of this because if you are really seeing a ransomware it has to be automated it has to be deployable on scale I see it should be different from the the part where okay I got credentials for this one user I'm logging into his account and then I'm doing this right that's not scale this one is scalable because it's an app you can send it to like 100,000 people

100,000 people if they are coming in providing their you know consent you have the token with the app now and now this part obviously can be automated because that is why that is what apps do so here we are showing it uh so that it is easy so all the app all the mails are there and you can obviously do filtering based on the popular uh you know providers. So in this example, we're using Dropbox. You have Dropbox. Here you go to Dropbox because you have access to user's email, right? So you can obviously reset the password and because you can also delete the mails before the user will notice that there was a mail sent for resetting the

password. You can actually delete it. That way the user won't even know that the password is reset. And if there are subsequent mails, you can also delete those, right? And that can be automated as well. So once that part is done, you can obviously uh so you can see here the mail was there. We deleted the mail. Now you're already in the user's Dropbox. You can download these files and then obviously you can uh delete these from here and you can upload a ransom note. All of this can be automated obviously because what we are doing currently app has access to manage delete uh you know your your mails. So this was the the first demo.

Similarly another way to do the same just a second is using the file storage based attack. So in this one we are going to use another approach for the same. The only thing that is going to change in this case is the oath scope. So in the first one, our oath scope was to get permissions so that we can read and manage user's mail. In this case, this is victim's machine. You can see that he has a G drive and then there are some files in G drive. And now he's looking for a website. It seems like a legimate websites which will help you draw your diagrams. I'm not sure if you have used such websites

but they actually provide you an option. So that you can store your files and the work that you are doing on these for longer term. You can obviously download them but there is one more more convenient option where they ask you if you can provide them access to your G drive. They'll put those files there and you can directly take those from there. So it is taken from that example. Again the user is doing login with Google. And in this case, if you take a look at the oat scope, it says see, edit, create, and delete all of your Google Drive files. Now, that is obviously dangerous, right? So, if you're aware of this kind of

things, you can obviously say no, you can do cancel and you can go back. So, safeguards are there. But then again, if you're not aware of this thing, you might fall for it. And here's the interesting thing. So when Comet had released their browser, I'm talking about the very early version I think 3 days after the release date, we tried these attacks on it and these worked on that as well. And then uh obviously we had reported this and now their agent is way more secure. Uh it actually asks you if there is some login screen or a oath consent screen. It actually nudges the user to read it and then say if they want to proceed. So,

so now user being ignorant here uh clicked it said allow and obviously just like it happened in the previous video uh now attacker's app has access to all of these files and automatically all of the files are deleted and a ransom note can be uh uploaded here. There is your ransom note. On the attacker side, you'll obviously see another UI that we have created. But the idea is that all of this can be automated. And if you think about it, right, if you again rebuild the whole case again, what we are doing here, we are taking away your files and we are putting a ransom note. That is what ransomware is. However, it is not touching your

machine. It is browser native. The threat entered from the browser did all the work in the browser and it's a persistent access just like I mentioned till the time you go back and you know cancel it. So it's not necessary that the attacker will use it today if they have access uh you know on their app or one of these scopes or your uh and and same again this is not specific to Gmail right it is not specific to Google any kind of the service that can do this kind of o login uh is also susceptible for this it can also target that so same goes for your one drive so this is the idea idea behind it. And again, as you

can figure out, uh the only defense against these things is to make sure that you are not clicking on things and you're reading things properly and you are, you know, getting more and more aware and uh when you cannot do that then you know get something which can actually protect against it. So yeah, that's that's all that's the talk. Please let me know if you have any questions.

must be happening right now. Yeah. Yeah. Yeah. It is not happening on larger scale as of now, right? Should be. Should be. It is so easy as you can see, right? Means it it must be happening in pockets as of now. I think they're not able to hit the enterprises at that level, right? Because uh the first part, right? First part is where the enterprises are defending you. They have your you know email scanning and then other things. So hopefully that is working today now but for individual users because you know now enterprises are not the only target. Users are also target. Users can also pay bitcoins now. And if it is all automated it doesn't really matter to

the attacker if it is you know $500,000 coming from one org or $500 coming from 100,000 users right. So yeah. Yes please.

Yes. Yes. So I'll break it into two parts. Right. First part is how did you get the user to this uh specific page. Right. Now that can be done using multiple ways and that is where I gave the example of I'll not say supply chain attack but I I just said that the takeover of extension right supply chain attack can also be used for that. So because you know the idea is to somehow put it there right. So for example you have a very popular browser extension say and it is using some third party component right which got gets compromised by the attacker and attacker is now putting a new functionality where each and every extension that has it is

going to inject some page or going to redirect the user to some page right so that way it can become supply chain attack but the main uh main part of it where the oath consent hijacking is happening uh it's a legitimate functionality that is being abused by the attacker because because the user is not reading what is being shown to them. It's more of that. Same goes for your conventional uh uh you know ransomwarees as well, right? You're not supposed to download binaries onto your machine and double click them without knowing, right? If you don't trust them means there are sandboxes, right? You should put it there. So at some point of time means it it comes

down to something which you should not have done. So it is also the same. Yeah. Any any other questions? Yes please.

Password reset. Password reset. So, you go to Dropbox because you have access to the Gmail, right? You can read all the mails. Yeah. So, you just send a password reset uh mail. It'll come, you click, and then you reset the password and you delete that before the user can notice. And this again can also be automated. Any any other questions? >> We have plenty of time for questions. And just in case you're shy, you don't want to raise your hand, feel feel comfortable submitting a question on slido. >> Uh recommended mitigation for for the middle part which is the oath consent here uh is obviously the education part, awareness part. uh however if we come to

the first part because what we have seen is as I was mentioning earlier right there are so many of these vectors 100 plus vectors are something that we have cataloged which are completely focused on the browser security part right keeping up with those using uh you know your education and awareness is not realistic especially when you are seeing so many of permutation and combinations of those and you don't really get these in the same way as you get these in the training part in training It is pretty straightforward. You have like four options you have to select that you know you are being tested. In real world when you are you know juggling with like 15

tabs on your browser and then suddenly one uh you know browser tab pops up and you're seeing a new thing. It's a completely different factor. So the only way to defend against it uh at the end of the day is to have some kind of security solution which actually protects against this mean I don't want to do our self-promotion but uh that's where the browser security comes in. Yes please.

Right. Right. Right. So just like you mentioned right in ransomware's case it has to be stopped before it does the damage. So there are tools for it. There is uh a whole industry which actually tackles the browser security problem and we were one of the players in that industry uh just got acquired by Zcaler just like I mentioned. So uh there are security solutions which can sit in the browser and there are multiple ways they are deployed. It can be an extension, it can be a dedicated browser, it can be something which is sitting uh you know in between of your traffic your security proxies, right? Uh so different stack and different uh combination of these

things can actually protect against it. Something which is sitting in the browser can see whatever your user can see. It can scan all the things that are happening and stop this before your user clicks it. That's how we used to do it. Yes please.

>> Yes.

Yes.

Yes. Yes. It's a it's a very good question actually. So if you if you take a look at it from a from a basic perspective, yes, there are whitelisting approaches for the applications for the extensions. But then there are secondary problems. So for example with whit listing approach always there are so many of these websites that you have to manage the the whitelisting right and you have to and there are so for example when you talk about Google right there are like 50 or 55 plus of these scopes that are there now it can be possible that one specific person in the org needed that permission but other people don't need it right now you are going

into that group based management of things which can be done but again uh the point is is it done on scale by everybody right that is first. Second is the browser extensions just like I mentioned right even if you maintain a white list there is no guarantee that the extensions that you're using today are going to stay in that way tomorrow we have seen uh you know hijacking of these extensions completely taken over the the the user account uploaded a new one we have seen these changing hands so from one vendor to another vending we have seen people trying to monetize it and sometimes you'll actually see that there are like 50 of these extensions

they're using the same code exact same code why they're kept out there so that they you know get more and more user base and later can be weaponized so these are the problems due to which you need some kind of just in time in in uh you know monitoring capability and interception capability so that is where yeah welcome any any other questions yes

Yes. Yes. Yes. 100%. There are like 100 other vectors which can actually lead to the same thing.

All good. Okay. Oh, 10 minutes. Any any of the questions? We have 10 minutes. Yeah. I think we have run out of questions. Yeah. Again, thank you. Thank you for coming to the talk and I hope you enjoyed it. If you have any follow-up questions, uh you know, my mail was on the first page. You can still reach out to me later and uh I can help you answer those. My name is Dishant. Thank you.