Vulnerabilities include significant shortcomings in the scanning of email attachments for malicious documents, potentially putting millions of users worldwide at risk
Embargo – Singapore, Thursday, 4 April 2024, 4:00PM IST – SquareX, a browser-security start-up led by serial cybersecurity entrepreneur Vivek Ramachandran, today unveiled the results of its recent study, revealing a concerning reality about major email providers’ inadequacies in safeguarding users against malicious document-based threats.
The study, conducted by SquareX’s research and development team, involved analysing 100 malicious document samples, which were segmented into four distinct categories:
- Original malicious document samples from MalwareBazaar
- Slightly altered malicious document samples from MalwareBazaar, such as changes in metadata and file formats
- Malicious document samples modified using attack tools that have existed for many years
- Basic Macro-enabled documents that execute programs on user devices.
These samples were sent via a third-party email provider, ProtonMail, to several major email providers, including industry giants such as Gmail, Outlook, Yahoo, AOL, and Apple iCloud Mail. The study revealed that while email providers like Gmail and Outlook demonstrated basic detection capabilities in identifying unmodified malicious document samples, they faltered in detecting modified malicious documents manipulated with readily accessible attack tools – exposing a glaring cybersecurity loophole that poses a potential threat to millions of users around the world.
Given the prevailing reliance on email services as secure communication channels, these findings raise important questions about the effectiveness of relying on existing email security measures and the false sense of security they may instil in millions of users and enterprises worldwide. While cyber threats are becoming increasingly sophisticated, email providers appear ill-prepared to detect and intercept these emerging threats, consequently leaving users to potential exploitation.
“The inadvertent discovery of this significant lapse in email security during our product enhancement process was startling, especially in India where most people use these services both for personal and professional work and rely on them for security,” shared Vivek Ramachandran, the founder and CEO of SquareX. “Our intention in making these findings public is to ignite a dialogue on the urgent need for reinforced security measures and encourage email providers to either elevate their security protocols or transparently acknowledge their current limitations,” added Vivek.
To bridge this security gap, SquareX has introduced an advanced in-browser malicious document scanning feature as a part of its browser extension, currently in beta. This move not only speaks of the company’s commitment to making the web a safer place but also invites other companies to join forces in securing the web activities of users and enterprises from cyber-attacks.
About SquareX:
SquareX is a browser-security start-up founded by the seasoned cybersecurity expert and serial entrepreneur, Vivek Ramachandran. At the core of SquareX’s mission is the commitment to empower users and enterprises with the confidence to navigate the online world without fear. With its innovative browser-native security solutions and unique isolation technology, SquareX aims to safeguard both individuals and enterprises from a spectrum of browser-based threats, encompassing malicious files, websites, scripts, and compromised networks.
Available on the Chrome and Edge stores, the SquareX browser extension has not only been awarded as “featured extension” by Chrome store but has also earned over 100,000 users globally in less than a year.
Read More: