Browser-Based Threat Report: Feb 19

Week of February 19th, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of February 19th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 0bc4f970d3b424ee02ece78df2e610974b72fb09e964fb6da8964056077d0ee2

credential phishing example

screenshot of credential phishing page

This URL was first detected by ConcealBrowse on February 16th, the same day that other security vendors started reporting on it. It was initially detected by 10 security vendors, and sixteen are now reporting the page as malicious. ConcealBrowse successfully intervened with a 14% risk assessment.

This is a classic example of credential phishing. The site copies the exact format of the Microsoft single sign-on page to steal credentials from unsuspecting users. To make the page more believable, attackers will verify that the email address is valid before proceeding to ask for a password. This makes it harder to check the page for legitimacy, which is why it is crucial to have protection in place, such as ConcealBrowse, that blocks user input.

Conceal Recommendation: Detection of phishing sites is not enough. You need to actively block users from entering credentials into suspected credential theft sites, as you can with the Isolation feature in ConcealBrowse.

_____________

SHA-256: 52c1e7a2c36be28c42455fe1572d7d7918c3180cad99a2b82daa2a38a7e7bb23

malicious pop-ups imitating Microsoft

An example of the pop-ups found connected to this page

This URL was detected by ConcealBrowse on February 16th with a 28% risk assessment. It was first detected by one security vendor on February 7th and currently is detected by two vendors. ConcealBrowse intervened due to phishing and suspicious activity.

While the page is currently blank, the IP address is connected to multiple instances of malicious pop-ups. These pop-ups often imitate Microsoft and demand that the user call a phone number to fix a supposed problem. These scams often tell the user to download remote access software onto their computer, resulting in both a financial loss and the theft of personal information.

Conceal Recommendation: Block the IP address and the URL using ConcealBrowse and monitor software being downloaded onto company machines. Additionally, users should inform their IT team whenever they are prompted to conduct an action. Remember, any vendor contact should be routed through the IT team.

_____________

SHA-256: 3938c63e8b782001c4b451b439634c1380b1e262d919e11ba7374862835d83e4

ransomware hosting through a malicious popup

This URL was detected by ConcealBrowse on February 13th. It was first detected by one security vendor on January 9th, and there are currently four security vendors reporting this page for malicious activity. ConcealBrowse intervened with a 32% risk assessment due to malware and proximity to malicious IP addresses.

The IP address connected to this page was recently flagged for hosting a form of ransomware through a malicious popup. Users would click on the popup, and the executable file would download to their computer. Ransomware can be devastating, especially in cases where computers are connected to each other on a network and the malicious software can spread. Although the page is now down, ConcealBrowse still intervened to protect users in the future if the site becomes active again.

Conceal Recommendation: Rely on active defense solutions such as ConcealBrowse. When ConcealBrowse intervenes on a page, all download attempts are blocked to protect users from malware such as this. Live analysis of the site allows for early intervention and prevents malicious downloads.

_____________

Valuable Outcomes

As these recent threat reports exemplify, ConcealBrowse offers comprehensive protection against many sophisticated cyber threats. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to confidently navigate the digital landscape, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.


Browser-Based Threat Report: Feb 12

Week of February 12th, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of February 12th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 71a36ae6fbc456fbf6376f21f3df4803f5c1a6e2a170c0191f52b3a56778005b

Browser-Based Threat Brand Impersonation

example of similar brand impersonation page

This URL was detected by ConcealBrowse on February 8th, 2024, with a 28% risk assessment. It was first seen by four security vendors in June of 2023 and is currently detected by 17 vendors. ConcealBrowse intervened on this page due to suspicious activity.

While the website is currently down, this page is an example of brand impersonation: it pretended to be the United States Postal Service. These scams usually come in the form of a message saying that there is a package that was lost in the mail. When users click on the link, they are shown a page that looks very similar to the USPS site and asked to provide a return address and pay for shipping. Brand impersonations can be very hard to recognize, which is why using browser protection is critical.

Conceal Recommendation: This URL and IP should be blocked with ConcealBrowse’s policies and other perimeter security tools your organization may be using.

_____________

SHA-256: 7aa36b6af4e26f3e690d408d04c810d144179ac784c065fcd8f845b76d2a25c5

This URL was detected by ConcealBrowse on February 9th, 2024. It was originally seen by one security vendor in November of 2023 and is currently detected by 12 vendors for phishing and malicious content. ConcealBrowse successfully intervened with a 28% risk assessment, citing proximity to other malicious sites and possible malware.

This IP was recently linked to a scareware campaign. Scareware is a special type of adware that is designed to scare the user into downloading malicious software. This example tries to convince the user that their machine is infected with malware and that antivirus software is necessary. The pressure caused by the alarming messages may cause users to react and install the malware.

Conceal Recommendation: To prevent these types of attacks, a dynamic scanning engine is required to keep pace with adversaries moving between different URLs. The ability to contain downloaded files and prevent them from executing on the user’s computer is also a necessity when encountering these threats.

Browser-Based Threat Scareware

Scareware found at this domain

_____________

SHA-256: 52b33f982d0e1c9602bace37ca2ef97ba413694f94c14e06aa6dc6515e9dc1676

Browser-Based Threat Fake Storefront

Screenshot of Fake Storefront Page

This URL was detected by ConcealBrowse on February 7th, 2024, the same day other vendors began reporting on it. It was originally flagged by three vendors and is now flagged by six, labelling it as a shopping scam. ConcealBrowse intervened with a 14% risk assessment due to suspicion.

The site is a fake storefront, which is a common scam used to steal payment information such as a credit card. An incomplete website template, such as the filler text in the above image, is a good indicator that none of the products are legitimate. These storefronts typically disappear very quickly to evade detection, which is why ConcealBrowse’s real-time analysis of the site is critical to protect user data.

Conceal Recommendation: Implementing a solution that is capable of scanning the URL down to the web page in real-time is the only way to identify these threats due to how quickly they are stood up and removed by adversaries. Deploying the ConcealBrowse solution to the browser enables you to identify and disrupt novel phishing sites such as this.

_____________


Conceal Partners with Fortem-IT: Integrating Browser Security

Conceal Announces Pioneering Partnership with Fortem Information Technology to Elevate Global IT Solutions with Browser Security

February 13 2024, 10:22 AM Eastern Daylight Time

AUGUSTA, GA --(BUSINESS WIRE)-- Conceal, a leader in innovative cybersecurity solutions, is excited to announce a strategic partnership with Fortem Information Technology, a global provider of tailored IT support services. This collaboration aims to enhance global IT security and support, marrying Conceal’s cutting-edge browser security solution with Fortem-IT’s comprehensive IT solutions.

“Partnering with Fortem-IT is a significant stride in our mission to provide world-class browser security globally. Fortem-IT’s global reach and bespoke IT services, combined with our advanced browser security technology, will create a formidable force in IT support and protection,” said Gordon Lawson, CEO of Conceal. “This alliance is a testament to our commitment to adapt our solution to be relevant and useful to the complex IT needs of businesses worldwide.”

“Our collaboration with Conceal marks a new chapter in providing comprehensive IT solutions. With Conceal’s innovative browser security technology, we’re set to redefine IT support and protection for our clients globally,” stated Mark McGettigan, Head of Sales of Fortem-IT.

This partnership promises to equip businesses with a blend of Fortem-IT’s vendor-agnostic, tailored IT solutions and Conceal’s advanced browser cybersecurity technology. Clients can expect enhanced IT support, streamlined operations, and robust protection against the ever-evolving landscape of cyber threats.

About Conceal

Conceal’s mission is to defend organizations against web-based threats. ConcealBrowse is a private, lightweight, easy-to-deploy AI-powered browser extension that detects, prevents, and shields users from ever-evolving phishing, credential theft, and other sophisticated social engineering attacks. By securing the most vulnerable part of any organization, the human using a web browser, ConcealBrowse dramatically reduces the risk of destructive and costly cyber-attacks. For more information, visit https://conceal.io/conceal-browse/

 

About Fortem-IT

Fortem-IT is dedicated to delivering innovative IT solutions that meet the unique needs of their clients. Their cutting-edge technology portfolio helps drive business success and maintain a competitive edge in the industry. Adopting a vendor-agnostic approach, Fortem-IT works to identify and fulfill all of their clients’ IT requirements, ensuring a comprehensive product portfolio. Their commitment to exceptional aftercare further sets them apart as a world-class IT provider, delivering ongoing support for continued success. For more information, visit https://fortem-it.com/, email [email protected] or call 0203 80 22 000.

AI in Cybersecurity: Navigating the Digital Frontier

AI in cybersecurity offers advanced protection for organizations against cyber threats, but also poses unique challenges and misuse by bad actors.

Browser-Based Threat Report: Feb 5

Week of February 5th, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of February 5th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 575e16e99fc8d3ac02f853c6bed65238f23bd6013a7e2321b4c260a171ad5047

browser hijacking

screenshot of homepage for a browser extension that was flagged by security vendors for malware, likely due to browser hijacking

This URL was detected by ConcealBrowse on February 2nd, 2024. It was flagged by four security vendors on December 4th and is still currently flagged by four vendors. ConcealBrowse intervened, assigning the page a 23% risk score due to potential malware.

This is the homepage for a browser extension that was flagged by security vendors for malware, likely due to browser hijacking. Browser hijacking occurs when software changes how your web browser interacts with websites. For example, it may change your home screen to a different search engine or redirect you to malicious websites. While in most cases it is more of a nuisance than nefarious, these types of extensions could easily redirect you to sites that could do more damage or steal your credentials.

Conceal recommendation: This URL and IP should be blocked with ConcealBrowse’s policies and by your other security tools. 

_____________

SHA-256: c81549a6aa1a44d1858feaab9d01060950658b929e39c257b9d2854dd76b1387

This URL was detected by ConcealBrowse on February 1st, 2024. It was originally detected by 4 security vendors the same day, and that number has not changed. ConcealBrowse intervened, assigning the page a 14% risk score due to suspicion.

Although the page has since been removed by Microsoft, this site hosted a tech support scam. Tech support scams will claim that the user’s computer contains malicious software or viruses and prompt them to call a number to remove them. The people answering these numbers will pretend to be Microsoft support, but their goal is to steal personal information and money from victims. Sometimes, these scams will go as far as to tell the user to download malware onto their machine so that they can be exploited again in the future.

Conceal recommendation: Although links may originate from legitimate organizations like Microsoft, they can redirect you to unofficial or malicious sites. Unless users verify that the final domain is the one that they intended to visit, they may be unaware of the attack. Solutions, such as ConcealBrowse, that analyze the final destination web page, are crucial in detecting and defending against threats that hide through redirects. 

screenshot of tech support scam URL detected by ConcealBrowse
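The final-destination check described in the recommendation above, as an added example that is not ConcealBrowse's code: it follows a redirect chain and judges the last hop instead of the link the user clicked. The response table, the reserved `.example`/`.test` hostnames and the `TRUSTED_DOMAINS` allowlist are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Assumption: the organization's own allowlist of domains it trusts.
TRUSTED_DOMAINS = {"vendor.example"}

# Constructed sample data: URL -> (status code, Location header or None).
# In practice these would come from a proxy log or a sandboxed fetch.
SAMPLE_RESPONSES = {
    # Link on a trusted host that ends on a look-alike host.
    "https://links.vendor.example/go?id=1": (302, "https://cdn.vendor.example/r/1"),
    "https://cdn.vendor.example/r/1": (301, "//vendor.example.support-alert.test/fix"),
    "https://vendor.example.support-alert.test/fix": (200, None),
    # Link that stays on the trusted domain (relative Location header).
    "https://links.vendor.example/go?id=2": (302, "/docs/start"),
    "https://links.vendor.example/docs/start": (200, None),
    # Redirect loop.
    "https://links.vendor.example/loop": (302, "https://links.vendor.example/loop"),
}


def follow_redirects(start_url, responses, max_hops=10):
    """Return every URL visited, ending with the final destination."""
    chain = [start_url]
    seen = {start_url}
    url = start_url
    for _ in range(max_hops + 1):
        status, location = responses.get(url, (None, None))
        if status not in REDIRECT_CODES or not location:
            return chain
        # Location may be relative or scheme-relative; resolve it against
        # the URL that issued the redirect, as a browser does.
        url = urljoin(url, location)
        if url in seen:
            raise ValueError("redirect loop at " + url)
        seen.add(url)
        chain.append(url)
    raise ValueError("more than %d redirects" % max_hops)


def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it.

    A plain substring or prefix test would accept look-alikes such as
    vendor.example.support-alert.test, so match on label boundaries.
    """
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def is_trusted(url, trusted_domains):
    parts = urlsplit(url)
    return parts.scheme == "https" and any(
        host_in_domain(parts.hostname, d) for d in trusted_domains
    )


def assess(start_url, responses, trusted_domains=TRUSTED_DOMAINS):
    """Judge a link by where it ends, not where it starts."""
    chain = follow_redirects(start_url, responses)
    final_url = chain[-1]
    # First hop at which the chain leaves the trusted set, if any.
    left_at = next((u for u in chain if not is_trusted(u, trusted_domains)), None)
    return {
        "final_url": final_url,
        "final_host": urlsplit(final_url).hostname,
        "hops": len(chain) - 1,
        "starts_trusted": is_trusted(start_url, trusted_domains),
        "ends_trusted": is_trusted(final_url, trusted_domains),
        "left_trusted_at": left_at,
    }


if __name__ == "__main__":
    for link in ("https://links.vendor.example/go?id=1",
                 "https://links.vendor.example/go?id=2"):
        print(assess(link, SAMPLE_RESPONSES))
```
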

_____________

SHA-256: 5b9542b700f786e8c7913aae5cef1696bf888ccc555de8ff1be809f4ed4b5363

screenshot of gift card scam page URL detected by ConcealBrowse

Screenshot of a similar page hosted by the same server

This URL was detected by ConcealBrowse on January 30th, 2024. It was first detected by one security vendor on December 29th and is currently detected by 14. ConcealBrowse successfully intervened, assigning the page a 39% risk score.

While the current page no longer exists, it is hosted by a server that contains multiple phishing URLs. The proximity to the malicious IP address allowed ConcealBrowse to detect the page regardless of content. In the past, these sites were used to host gift card scams. Gift card scams trick the user into believing they’ve won a monetary prize, only to redirect them to a malicious website that will steal their personal information and credit card.

Conceal recommendation: Sites like these change their content frequently but often use the same high-risk IP addresses. Blocking all access to this IP with ConcealBrowse, along with your firewall or other perimeter security solution, makes it less likely for users to encounter them.

_____________


A Comprehensive Guide on Browser-Based Phishing Attacks

The quality and quantity of browser-based phishing attacks have escalated dramatically over the past year, posing a significant threat to online security.

The Rise of Browser-Based Phishing Attacks and Expectations for 2024

The digital landscape of 2024 continues to be fraught with cybersecurity challenges, notably the surge in browser-based phishing attacks. A recent report [1] highlights a startling 198% increase in such attacks, emphasizing the evolution of phishing threats into more sophisticated and evasive forms.

2023: A Year of Alarming Growth

Last year witnessed an unprecedented spike in browser-based phishing attacks, with 30% exhibiting advanced, evasive techniques. This surge is not just about quantity; the nature of these attacks has become increasingly sophisticated, leveraging tactics like smishing, adversary-in-the-middle (AiTM) frameworks, and multi-factor authentication (MFA) bypass strategies.

What Makes Modern Phishing Attacks Different?

The traditional concept of phishing has undergone a dramatic transformation. Modern phishing attempts are dynamic, adept at evading standard security measures, and increasingly automated using GenAI tools. These attacks are no longer limited to emails but have expanded to cloud-sharing platforms and web applications.

The 2024 Outlook

Looking ahead to the rest of 2024, we can expect these trends to continue, if not intensify. The report’s findings suggest:

Increased Volume and Sophistication: Phishing attacks will likely grow in frequency and complexity.

Evasive Techniques: Attackers will continue to innovate, making detection and prevention more challenging.

Expanding Targets: Small and medium enterprises, previously less targeted, may see a rise in phishing attempts.

Preparing for the Threat

The escalation of browser-based phishing attacks necessitates a proactive approach to cybersecurity. Enterprises need to reassess their security strategies, focusing on advanced detection mechanisms and user education. Emphasizing browser security and adopting comprehensive solutions capable of identifying and mitigating sophisticated attacks will be crucial.

Conclusion

The state of browser security in 2024 is a testament to the ever-evolving nature of cyber threats. With phishing attacks becoming more sophisticated and evasive, staying ahead of these threats requires constant vigilance, updated security practices, and a thorough understanding of the evolving digital threat landscape.

1. https://resources.menlosecurity.com/all-content/state-of-browser-security-defending-browsers-against-zero-hour-phishing-attacks

This week's threat report highlights a surge in credential theft phishing, a discreet threat with a 54% incident rate. Examples include Yahoo! login deception, IP address cycling in phishing campaigns, and a Microsoft look-alike site exploiting muscle memory for password entry.

Browser-Based Threat Report: Jan 29

Week of January 29th, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of January 29th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following browser-based threat report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 76282d556daf6fbf2899edf57f6589bbacde0d7ce31d3c0c595b76f5d4d49661

page pretends to be Yahoo's login page and is used to steal email credentials

This URL was detected by ConcealBrowse on January 22nd, 2024. Six security vendors began reporting on this site later the same day. As of this report, the site is detected by 15 vendors. ConcealBrowse isolated the page with a 28% risk due to suspicion of phishing.

This page pretends to be Yahoo’s login page and is used to steal email credentials. Email credentials carry significant risk because they can be used to steal accounts connected to the email address. Without two-factor authentication, all an attacker needs is access to the email associated with the account to change the password and take it over. An attacker might also launch attacks against all contacts in the address book of the account because users are more likely to click on links from someone they know.

Conceal recommendation: Educating users how to spot potential phishing sites is an important aspect of a layered security approach. However, it is important to cover users who may not identify phishing sites with a solution, like ConcealBrowse, that blocks username and password input on suspicious sites, so that credentials cannot be entered into pages users fail to recognize as phishing.

_____________

SHA-256: 79d6e8d4005bd33c71797a26b18e76b4b136a51d4ba0743c5a2a6ef9ead435a0

This URL was detected by ConcealBrowse on January 25th, 2024. It was detected by 13 security vendors two days before and is still currently detected by 13 vendors. Despite this, the threat still evaded security controls and ConcealBrowse isolated the page with a 14% risk assessment.

This page is hosted on an IP address that is known for multiple phishing scams. In the past, it impersonated brands such as Costco, phishing visitors for personal data and payment information. Recently, the site hosted a survey scam. Survey scams will ask users to complete a survey in exchange for a prize. When accepted, the page will collect personal information such as an email address and other PII, which will then be the target for multiple scams and phishing attempts. Although the site is currently down, it is likely that it will be reactivated with a different phishing campaign.

Conceal recommendation: This IP address is known to be used in phishing and other attacks. This IP address should be added to any block lists in ConcealBrowse and any other perimeter security controls.

_____________

SHA-256: 34cae9fa33d05561d84cf80c1259cbee25c3f26ae653f7e14e29b0a24b539e45

credential phishing page; this time impersonating a Microsoft login

This URL was detected by ConcealBrowse on January 24th, 2024. It was first detected by one security vendor on January 18th, and since then it has been flagged by nine others. ConcealBrowse isolated the page with a 27% risk assessment for malware and phishing.

This is another credential phishing page; this time impersonating a Microsoft login. This site uses the color scheme and the logos of the organization that was targeted, and it fills in the email address of the user. These methods are all intended to make the victim more likely to enter their password without checking into the site further. The domain name is made to be believable as well, as it pretends to be a document signing platform. However, more investigation into the URL reveals that it is fraudulent, and no such company exists.

Conceal recommendation: Adversaries have become more sophisticated in how they are able to bypass security controls to deliver credential theft attacks. Security solutions that detect phishing threats and prevent users from entering credentials into counterfeit logins are essential in protecting against these types of threats.

_____________


Forbes: Beyond The Inbox: The Imperative For Holistic Cybersecurity Approaches

Combat evolving cyber threats! Social engineering, especially via email, poses grave risks. Explore browser security’s critical role and a holistic approach for robust cybersecurity.