Browser-Based Threat Report: Oct. 30
Browser-Based Threat Report
Week of October 30th, 2023
ConcealBrowse is leveraged by teams across the world to combat weaponized URLs and Browser-Based Threats. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.
At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of October 30th, 2023, unveils critical insights into the ever-evolving landscape of online threats.
The following report highlights recently detected sites that were deemed suspicious:
_____________
SHA-256: 95bd5672de917dd113b5a48f4347931661dced296f6b83d2e76c002f3847e926
This URL was detected by ConcealBrowse on October 27th, 2023, with it first being submitted to a various CTI feeds October 13th and most recently October 25th, 2023.
The page was last seen delivering an innocent seeming HTML file that has encoded Javascript. The file dynamically reconstructs new HTML code as it opens in the browser and presents to the end user, a spoofed Microsoft login page, as seen above. Fortunately, Conceal Browse identified anomalies associated with the page and prevented the HTML smuggling
attack occurring in the first place, subsequently stopping the credential theft attempt.
This attack type is becoming increasingly popular due to it’s stealthiness. The drive by downloaded HTML file is not only being delivered by a reputable source (in this case, CloudFlare’s development platform) but is also encoded, then decoded and reconstructed locally to bypass web proxies and email gateways.
_____________
SHA-256: fc93937220e51c05c4c2273fe7ae0d8f50b0faafb1c1f02659bb3c0652f5b421
This web page was detected by ConcealBrowse on October 30th, 2023 with it first being submitted to CTI feeds on October 31st, 2023. This showcases Conceal’s ability to identify risky webpages in real time, even before CTI feeds report on them. This type of attack has been seen in several of Conceal’s customer environments.
The delivered page mimics the Yahoo home page by pulling legitimate assets such as images, an iFrame and even a script from Yahoo.com, which is not common practice. Any assets pulled from legitimate sites are mainly through their content delivery network. The adversaries spent a decent amount of time on crafting the page, which included 168 legitimate links leading to Yahoo. However, the page did have a high amount of empty and void links, which is indicative of phishing sites. Threat actors often do not have the time or ability to fully mimic web page functionality. With that, the site has been subsequently identified by 5 security vendors as a phishing site.
_____________
SHA-256:da9bb3966753582f1ad63eb91315ce3207b33bec9b166adc7048ddcc70258a40
This currently active URL was detected by ConcealBrowse on October 25th, 2023. Although the webpage was first submitted to various CTI feeds October 31st, 2021, it was resubmitted the morning of October 31st, 2023, meaning the page continues to deliver suspicious content.
The webpage is a login page to a commoditized Phishing-as-a-Service (PhaaS) provider based out of Russia that has been operating since June 2021. As a purchasable nefarious phishing service, the page should not be trusted.
_____________
Valuable Outcomes
ConcealBrowse offers comprehensive protection against many sophisticated cyber threats, as recent threat reports exemplify. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to navigate the digital landscape with confidence, knowing that their online activities are shielded from potential harm.
Join the Conceal Community and claim your FREE ConcealBrowse licenses!
Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community that’s committed to safeguarding your digital world.
Sign up for the Conceal Community and claim your free licenses by completing the form below.
