This week's threat report highlights a surge in credential theft phishing, a discreet threat with a 54% incident rate. Examples include Yahoo! login deception, IP address cycling in phishing campaigns, and a Microsoft look-alike site exploiting muscle memory for password entry.

Browser-Based Threat Report: Jan 29


Week of January 29th, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of January 29th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following browser-based threat report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 76282d556daf6fbf2899edf57f6589bbacde0d7ce31d3c0c595b76f5d4d49661


This URL was detected by ConcealBrowse on January 22nd, 2024. Six security vendors began reporting on this site later the same day. As of this report, the site is detected by 15 vendors. ConcealBrowse isolated the page with a 28% risk due to suspicion of phishing.

This page pretends to be Yahoo’s login page and is used to steal email credentials. Email credentials carry significant risk because they can be used to steal accounts connected to the email address. Without two-factor authentication, all an attacker needs is access to the email associated with the account to change the password and take it over. An attacker might also launch attacks against all contacts in the account's address book, because users are more likely to click on links from someone they know.

Conceal recommendation: Educating users on how to spot potential phishing sites is an important aspect of a layered security approach. However, some users will still fail to recognize a phishing site, so it is important to back that training with a solution, like ConcealBrowse, that prevents username and password input on suspicious sites.

_____________

SHA-256: 79d6e8d4005bd33c71797a26b18e76b4b136a51d4ba0743c5a2a6ef9ead435a0

This URL was detected by ConcealBrowse on January 25th, 2024. It was detected by 13 security vendors two days before and is still currently detected by 13 vendors. Despite this, the threat still evaded security controls and ConcealBrowse isolated the page with a 14% risk assessment.

This page is hosted on an IP address that is known for multiple phishing scams. In the past, it impersonated brands such as Costco, phishing visitors for personal data and payment information. Recently, the site hosted a survey scam. Survey scams will ask users to complete a survey in exchange for a prize. When accepted, the page will collect personal information such as an email address and other PII, which will then be the target for multiple scams and phishing attempts. Although the site is currently down, it is likely that it will be reactivated with a different phishing campaign.

Conceal recommendation: This IP address is known to be used in phishing and other attacks. This IP address should be added to any block lists in ConcealBrowse and any other perimeter security controls.


_____________

SHA-256: 34cae9fa33d05561d84cf80c1259cbee25c3f26ae653f7e14e29b0a24b539e45


This URL was detected by ConcealBrowse on January 24th, 2024. It was first detected by one security vendor on January 18th, and since then it has been flagged by nine others. ConcealBrowse isolated the page with a 27% risk assessment for malware and phishing.

This is another credential phishing page; this time impersonating a Microsoft login. This site uses the color scheme and the logos of the organization that was targeted, and it fills in the email address of the user. These methods are all intended to make the victim more likely to enter their password without checking into the site further. The domain name is made to be believable as well, as it pretends to be a document signing platform. However, more investigation into the URL reveals that it is fraudulent, and no such company exists.

Conceal recommendation: Adversaries have become more sophisticated in how they are able to bypass security controls to deliver credential theft attacks. Security solutions that detect phishing threats and prevent users from entering credentials into counterfeit logins are essential in protecting against these types of threats.
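The prefilled email address described in the Microsoft look-alike entry above leaves a trace that defenders can hunt for in proxy or browser logs: a corporate address carried in the query string or fragment of a URL on a host that is not a known login provider. The following is an added detection sketch, not ConcealBrowse code or anything from the original report; the host allowlist, mail domain and sample URLs are constructed assumptions, and the base64 check goes beyond what the report describes.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumptions (constructed): trusted login hosts and the org's mail domain.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
ORG_MAIL_DOMAINS = {"corp.example"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

# Constructed sample log URLs; none of these come from the report.
SAMPLE_URLS = [
    "https://docs-esign.example/view?user=alice%40corp.example",
    "https://docs-esign.example/view#"
    + base64.urlsafe_b64encode(b"bob@corp.example").decode(),
    "https://login.microsoftonline.com/common?login_hint=alice%40corp.example",
    "https://news.example/article?id=42",
]

def _candidates(url):
    """Yield query values and the fragment, both as-is and base64-decoded."""
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    values.append(unquote(parts.fragment))
    for value in values:
        yield value
        padded = value + "=" * (-len(value) % 4)
        try:
            yield base64.urlsafe_b64decode(padded).decode("utf-8")
        except (binascii.Error, ValueError):
            continue  # not base64 text; the plain value was already yielded

def prefilled_org_email(url):
    """Return the org email carried in the URL, or None (also for trusted hosts)."""
    host = (urlsplit(url).hostname or "").lower()
    if host in TRUSTED_LOGIN_HOSTS:
        return None
    for text in _candidates(url):
        match = EMAIL_RE.search(text)
        if match and match.group(1).lower() in ORG_MAIL_DOMAINS:
            return match.group(0)
    return None

def scan(urls):
    """Return (url, email) pairs for URLs that carry a prefilled org address."""
    return [(u, e) for u in urls if (e := prefilled_org_email(u)) is not None]

if __name__ == "__main__":
    for url, email in scan(SAMPLE_URLS):
        print(f"review: {email} prefilled on {urlsplit(url).hostname}")
```

A hit is a lead for review rather than a verdict, since legitimate services such as newsletters and SSO redirects also pass addresses in URLs; the allowlist is where those get tuned out.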

_____________

Valuable Outcomes from the Browser-Based Threat

As these recent threat reports exemplify, ConcealBrowse offers comprehensive protection against many sophisticated cyber threats. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to confidently navigate the digital landscape, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.
