Thousands of businesses at risk worldwide as new data exfiltration technique uncovered - here's what you need to know

News
By published

Browser vulnerabilities render DLP tools ineffective as new data exfiltration attacks emerge

Representational image of a shrouded hacker.
Image Credit: Pixabay (Image credit: TheDigitalArtist / Pixabay)
  • Browsers are the new frontline, but today’s DLP can’t see the real threats
  • Data Splicing Attacks break through enterprise browser security
  • Angry Magpie reveals how fragile the current DLP architecture is in a browser-first world

A newly uncovered data exfiltration technique known as Data Splicing Attacks could place thousands of businesses worldwide at significant risk, bypassing all leading data loss prevention (DLP) tools.

Attackers can split, encrypt, or encode data within the browser, transforming files into fragments that evade the detection logic used by both endpoint protection platforms (EPP) and network-based tools - before these pieces are then reassembled outside the protected environment.

By using alternative communication channels such as gRPC and WebRTC, or secure messaging platforms like WhatsApp and Telegram, threat actors can further obscure their tracks and avoid SSL-based inspections.

Threat actors now splice, encrypt, and vanish

The growing reliance on browsers as primary work tools has increased exposure. With more than 60% of enterprise data stored on cloud platforms accessed via browsers, the importance of a secure browser has never been greater.

Researchers demonstrated that proxy solutions used in many secure enterprise browsers simply cannot access the necessary context to recognize these attacks because they lack visibility into user interactions, DOM changes, and browser context.

Additionally, endpoint DLP systems struggle because they rely on APIs exposed by the browser, which do not offer identity context, extension awareness, or control over encrypted content.

These limitations create a blind spot that attackers can exploit without detection, undermining many enterprises’ ability to defend against insider threat scenarios.

What makes this discovery even more urgent is the ease with which these techniques can be adapted or modified. With new code, attackers can easily create variants, further widening the gap between evolving threats and outdated protections.

In response, the team introduced Angry Magpie, an open source toolkit designed to replicate these attacks. Security teams, red teams, and vendors can use the tool to evaluate their defenses.

Angry Magpie allows defenders to assess their systems’ exposure in realistic scenarios, helping identify blind spots in current implementations of even the best DLP solutions.

“We hope our research will serve as a call to action to acknowledge the significant risks browsers pose for data loss,” the team said.

You may also like

Efosa Udinmwen
Efosa Udinmwen
Freelance Journalist

Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity. Upon joining TechRadar Pro, in addition to privacy and technology policy, he is also focused on B2B security products. Efosa can be contacted at this email: udinmwenefosa@gmail.com

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.