Cybersecurity probably wasn’t at the forefront of your brain as you prepared for the holidays and then rang in the new year.  However, as 2024 drew to a close, a massive cybersecurity attack targeting 2.6 million people made headlines. These victims, spread across thousands of organizations, had their identity data and browser cookies compromised in a campaign that exploited malicious browser extensions.

Welcome to 2025, where even the smallest tools, like browser extensions, can become the biggest vulnerabilities, but fortunately, with Galactic you’re not alone.  We can help you stay safe.

The Attack That Should Make You Rethink Security

Here’s what happened: Cyberhaven, a data security company, fell victim to attackers who compromised its browser extension. Malicious code was injected into the extension, allowing attackers to steal Facebook cookies and authentication tokens. In simpler terms, what looked like a harmless productivity tool was turned into a tool for data theft.

While this attack initially seemed isolated, investigators uncovered over 35 additional compromised browser extensions, many of which were still in use at the time.

The lesson here? No part of your cyber landscape is insignificant. Ignoring the security of something as small as a browser extension can lead to breaches with far-reaching consequences.

Browser Extensions: A Hidden Danger in Your Business

Browser extensions are often treated as harmless add-ons, but they frequently request permissions that give them access to sensitive data such as:

  • Cookies: Used for website authentication, stolen cookies can enable attackers to impersonate users.
  • Passwords: Many extensions can capture plaintext passwords during login attempts.
  • Keystrokes and Content: Extensions can monitor all user inputs, effectively functioning as keyloggers.

The Crisis Lurking in Your Browser

With browser extensions installed on 60% of corporate devices, the numbers below highlight a growing attack vector that many organizations overlook:

  • 66% of extensions have been classified as “high” or “critical” risk due to their permissions.
  • 40% of corporate users have at least one high-risk extension installed.

The Fallout: How It Impacts Your Business

When malicious extensions are installed on corporate devices, the risks can be devastating:

  1. Credential Theft: Attackers can gain direct access to user accounts and critical systems.
  2. Session Hijacking: Stolen cookies allow attackers to take over active user sessions.
  3. Data Exfiltration: Sensitive business information is quietly extracted without detection.

These vulnerabilities don’t just affect individual users—they can compromise entire organizations, leading to financial loss, legal liabilities, and irreparable reputational damage.

What Can You Do to Protect Your Business?

Protecting your organization requires vigilance and proactive measures. Galactic Advisors specializes in helping businesses identify and mitigate these risks through third-party security assessments. Our process includes:

1. Comprehensive Audits

We conduct thorough assessments to identify all browser extensions in use across your organization, ensuring you know what’s installed and the potential risks.

2. Permission Analysis

We evaluate the permissions granted to each extension and flag those with high-risk access, such as cookie manipulation or keystroke monitoring.

3. Tailored Recommendations

Based on your environment, we provide actionable steps to secure your systems—whether that means removing risky extensions or implementing stricter policies.

4. Resilient Policies

We help your organization establish policies for managing browser extensions, ensuring ongoing monitoring and compliance with best practices.

The Time to Act Is Now

Browser extensions are no longer just productivity tools. They’re a potential threat to your business. As attackers become more sophisticated, the risks will only grow.   Galactic Advisors offers expert third-party assessments designed to uncover hidden vulnerabilities, assess your risk, and provide a clear roadmap for improving your security posture.

Don’t wait for a breach to expose your vulnerabilities. Contact Galactic Advisors today to schedule your third-party security assessment and secure your organization for 2025.