Cyberhaven, a California based data-loss prevention firm, has recently reported a cyber security breach of one of its personnel. That is why the company released a statement about the action of their employee, which the hackers used to distribute the modified version of the Chrome browser extension, according to which it is possible to extract the data of the users of the resource.
Data-Loss Prevention Firm Cyberhaven Breached in Security Incident
The incident, which was said to have taken place in the early hours of Wednesday, made Cyberhaven to advise its users to change their passwords and scrutinize audit logs searching for any signs of malicious conduct. The company stressed on the fact that fast action must be taken in order to minimize possible repercussions of the event.
Cyberhaven currently serves some of the major law firms and leading technology organisations, which amplifies the general impacts of the breach. Although, the company has not stated the amount of people it impacted, its size definitely points to massive implication.
The company’s response statement and the extent of the loss due to the attack has not been established and the timing of this statement is also in doubt. Cyberhaven has yet to issue statements of clarification about the type of breach, and whether its internal networks are still vulnerable.
Perhaps the fact of the breach proves that even the cybersecurity firms cannot withstand attacks from well-organized hackers. While trials are ongoing, more commentators on the IT industry note that a company specializing in data loss prevention endured a major breach of its information systems.
Hackers Target Multiple Firms Through Compromised Chrome Extensions
Jaime Blasco, co-founder of Nudge Security, says this incident could be linked to a wider hacking campaign, especially after a young hacker breached Cyberhaven’s security previously. Blasco disclosed that the attack extended to other organizations as well through the same attack vectors, Chrome extensions loaded with further malware.
That’s how, using the subtleties disclosed by Cyberhaven, Blasco found out about several Chrome extensions that have been modified in the same way. Such outcomes indicate that hackers acted synchronously to attack the exposed elements of the mainstream browser utilities, which may harm various companies.
Extensions are the addition of more features to Chrome and can range from coupon finders to productivity increase tools. However, this incident shows potentially dangerous nature of these tools if used by malicious parties, who use trusted software to deliver the attack.
For Cyberhaven it was a Chrome extension that fell into the adversaries’ hands and which was used in its operations to monitor and protect the client data in web applications. This functionality was not just breached but the user data was also exposed and thus the effectiveness of inner browser security is in doubt.
It positively vividly illustrates the problem of increasing complexity of cyber threats and the difficulties associated with protecting even rather ordinary instruments such as browser extensions. As probes for such practices go on, organizations are encouraged to check their reliance on such applications and enhance their security measures in relation to new threats.
Hackers Target AI and VPN Extensions in Widespread Attack
Jaime Blasco came to the similar conclusion, stating that the hackers were capable not only of injecting code into the Chrome extensions but they targeted not only Cyberhaven’s tool only. Other extensions related to AI and VPNs, also fell victim suggesting a massive campaign to compromise common browser utilities.
Blasco thought that apparently the attack was not directed at Cyberhaven. However it looked a lot like a more general- an attack on multiple extensions to pilfer information from as many user and organizations as possible.
Of course, the list of extensions involves search engines and others related to AI and VPN that process personal information. AI extensions might be parsing through mountains of user data, while VPN ones protect users’ activities, making the latter a desirable location for hacker espionage.
In essence, according to Blasco, the hackers were fishing trying to infect as many popular extensions as possible so that they could gather as much information from as many users as possible. Recent threats have been delivered using known reliable tools indicating that modern threats are much more extensive and challenging.
Blasco believes that the complexity of the attack was random while the high number of extensions targeted demonstrate set intentionality from the hackers. As more facts come to light, those organisations which employ AI, VPN and other browser add-ons are warned to step up their defences against such attacks.
