Conceal Threat Alert: Meta Highlights Threats Against Business Accounts on its Social Platforms

The Hacker News reported that Meta, the parent company of Facebook and Instagram, has recently taken down over 1,000 malicious URLs leveraging OpenAI’s ChatGPT as a lure to spread malware across its services. (We previously reported on attackers using ChatGPT themes in phishing lures.) The increasing use of fake ChatGPT browser extensions by threat actors has led to the theft of users’ Facebook account credentials, ultimately resulting in unauthorized ads being run from hijacked business accounts. 

The malware campaigns primarily target personal accounts of users who manage or are connected to business pages and advertising accounts on Facebook. Malicious URLs with themes like Google Bard, TikTok marketing tools, pirated software, and movies are also being used by threat actors to deceive users. 

When hackers gain control of a company’s Facebook business page through these tactics, the potential costs can be devastating. These costs may include: 

  1. Financial loss: Unauthorized ads run from hijacked accounts can result in significant advertising expenses. Additionally, cybercriminals may misuse company financial data or access credit lines, causing further financial damage. 
  2. Damage to brand reputation: Unauthorized content posted on a company’s social media pages can harm the brand’s image and result in lost consumer trust and loyalty. It may take a considerable amount of time and effort to rebuild the company’s reputation. 
  3. Loss of sensitive data: The theft of confidential business data, such as customer information, trade secrets, or intellectual property, can have long-lasting negative effects on a company’s competitiveness and market position. 
  4. Legal and regulatory consequences: Companies may face legal and regulatory penalties if they fail to adequately protect customer data or if they are found to have insufficient cybersecurity measures in place. 
  5. Loss of productivity: Regaining control of the company’s social media accounts and recovering from the attack’s consequences can be time-consuming and resource-intensive, leading to reduced productivity and potential business interruptions. 

In response to these growing cyber threats, Meta has introduced a new support tool to help users identify and remove malware, verify connected Business Manager accounts, and require additional authentication for accessing a credit line or changing business administrators. 

However, as cyberattacks become more sophisticated, it’s essential to have an extra layer of protection for both personal and enterprise internet use. ConcealBrowse offers the ideal solution by proactively detecting, defending, and isolating threats from malicious internet traffic. 

ConcealBrowse automatically isolates risky transactions without interrupting the user’s browsing experience. Its isolated browsing environments for risky sites provide enhanced privacy and security, ensuring that malicious code or files never execute on a user’s devices. 

With ConcealBrowse, you can safeguard your online presence from malicious URLs delivered through any source, including social media platforms like Facebook and Instagram. This advanced protection tool acts as the brain, making proactive decisions about security risks associated with internet use and shielding your personal and enterprise data from cyber threats. 

By implementing ConcealBrowse, you can effectively mitigate the potential costs associated with hackers gaining control of your company’s Facebook business page. Stay ahead of the ever-evolving world of cyber threats with ConcealBrowse, your trusted partner in providing an unparalleled level of privacy and security for all your online activities. 

Don’t let cybercriminals compromise your online security and cause devastating consequences for your business. Take the first step in fortifying your online presence today by experiencing the power of ConcealBrowse for yourself. Visit to request a personalized demo and learn how ConcealBrowse can provide you with the ultimate protection against malicious URLs and other cyber threats. Don’t wait – safeguard your business and personal data with ConcealBrowse now!

Conceal Threat Alert: Bumblebee Malware Campaign – When Malicious Ads Meet Compromised Websites

The threat landscape is continuously evolving, and cybercriminals are employing new and sophisticated tactics to target their victims. We have previously written about attacks utilizing “Search Engine Optimization (SEO) poisoning” on Google Ads to link to malware delivery sites. In SEO poisoning attacks, actors purchase Google Ads on targeted search terms to cause Google to serve malicious links in ads that are crafted to look like legitimate trusted web sites. 

One such campaign was recently observed by Secureworks’ Counter Threat Unit (CTU) researchers. It involves the distribution of Bumblebee malware via trojanized installers for popular software, such as Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace. Bumblebee, a modular loader, has historically been delivered through phishing and is commonly associated with ransomware deployments. The current campaign, however, leverages malicious Google Ads and compromised WordPress sites as the initial attack vectors to infect victims’ systems.  

The researchers analyzed one of the Bumblebee samples and found that the infection chain began with a malicious Google Ad that redirected users to a fake download page for Cisco AnyConnect Secure Mobility Client. The fake page was hosted on the domain “appcisco[.]com,” which was created by the threat actor on or around February 16, 2023. This malicious redirection occurred via a compromised WordPress site. Once on the fake page, victims would download the trojanized installer, which contained an MSI file that executed two files when run. The first file was a legitimate installer for the Cisco AnyConnect VPN application, while the second was a malicious PowerShell script with an encoded Bumblebee malware payload.  

The campaign’s success relied on the effective use of malicious Google Ads and the compromise of WordPress sites. By combining these tactics, the attacker was able to redirect victims to fake download pages that appeared legitimate, enticing them to download and run the trojanized installers. The attacker’s objective, as observed in one compromised environment, was to deploy ransomware. However, in this particular case, network defenders detected and disrupted the attacker’s activity before they could achieve their goal. 

Fortunately, ConcealBrowse can defeat SEO poisoning attacks like this one. Because ConcealBrowse brings zero trust principles to the browser, even the most convincing ads can quickly be detected and blocked, preventing users from downloading malicious files or providing their sensitive information, even if they don’t realize the site is fake and malicious. 

The Bumblebee malware campaign serves as a cautionary tale of how cybercriminals can exploit online advertising platforms and compromised websites to distribute malware. Organizations must remain vigilant and adopt solutions like ConcealBrowse to proactively detect and isolate threats and safeguard their digital assets. Click here to try ConcealBrowse for free today. 


Conceal Threat Alert: ConcealBrowse Thwarts Sophisticated Spear Phishing Attack Targeting Conceal CEO

ConcealBrowse’s Advanced Protection Overcomes Traditional Anti-Phishing Tool Limitations

In a recent spear phishing attack, cybercriminals targeted Conceal’s CEO, Gordon Lawson, bypassing Microsoft 365’s strict anti-phishing protection. This was a highly targeted attack utilizing advanced techniques to evade detection, but ConcealBrowse effectively protected against the threat by analyzing metadata about the URL used in the attack, even though it wasn’t flagged as malicious in traditional intelligence sources.

Bypassing Anti-Phishing Protections

The attackers utilized several techniques intended to defeat common anti-phishing protections:

1. The phishing email contained a screenshot of a typical Microsoft sharing screen linked to an obfuscated URL, operated by a legitimate company, Constant Contact, with a strong reputation.

2. The email body contained significant whitespace followed by seemingly legitimate content, which helped it defeat the email-based phishing detection algorithms.

3. The threat actor passed encoded metadata and a URL through a redirect page, which behaved differently on the first visit vs. subsequent ones. In some cases after the first visit, the victim would be redirected to a legitimate Microsoft login page. To defeat sandboxing and similar protections, a captcha was used on the first visit. These steps were aimed at reducing the chances of the malicious site being detected and flagged by automated analytical tools.

Targeted Attack Characteristics

Several indicators suggest this was a targeted attack:

  1. Compromised sender account: The sender’s reputation, as determined by DKIM, SPF, and Composite authentication, was associated with Microsoft. However, the display name and recipient address raised suspicions, implying the attack originated from a compromised email account.
  2. Customized login page: The phishing email redirected users to a convincing Microsoft login prompt that included the Conceal logo and almost exactly mimicked the real Microsoft authorization page.

ConcealBrowse’s Protection Against the Attack

ConcealBrowse’s advanced security measures effectively protected against the spear phishing attack by focusing on metadata analysis of the URL used in the attack. Even though traditional intelligence sources had not flagged the URL as malicious, ConcealBrowse identified potential risks based on the following indicators:

Domain registration: The recently registered domain prompted ConcealBrowse to isolate the session to protect users. This proactive approach ensured that any potential threats associated with the domain were contained, keeping the business secure.

Multi-layered defense: ConcealBrowse employed multiple data sources and indicators to provide robust protection against the attack, demonstrating the importance of a comprehensive approach to cybersecurity.

Indicators of Compromise:

The following indicators were observed as part of this campaign:

DOMAIN Mimicked a Microsoft authentication page, customized with the Conceal logo.


The sophisticated and targeted spear phishing attack exemplifies the evolving tactics of cybercriminals and the limitations of traditional anti-phishing tools. ConcealBrowse’s advanced protection, based on metadata analysis and multi-layered defense, effectively thwarted the attack. The fact that attackers are constantly evolving to defeat the latest defensive techniques emphasizes the need for businesses to adopt innovative security measures to safeguard sensitive information and maintain a secure environment. Click here to schedule a demo of ConcealBrowse today.


Conceal Threat Alert: The Tax Day Tangle – Cybercriminals Taking Advantage of Stressful Season to Deliver Malware

As the April 18 tax deadline approaches in the United States, accountants and finance professionals are under immense pressure to file tax returns for their clients. Unfortunately, cybercriminals have been taking advantage of this time-sensitive and stressful period to launch a targeted phishing campaign with the goal of gaining unauthorized access to sensitive personal information. According to research done by Microsoft and covered in a recent DarkReading report, cybercriminals are utilizing well-crafted phishing emails and multiple URL redirections to bypass traditional security measures. 

The attacks begin with a carefully crafted phishing email sent to Certified Public Accountants (CPAs), accounting firms, and related companies handling tax information. In these emails, the attackers masquerade as existing clients, using subtle social engineering techniques to appear more legitimate. For example, some emails include lines like “I apologize for not responding sooner” and the subject line “Re: 2022,” implying an ongoing correspondence. The inclusion of a password-protected link labeled as “confidential” adds an air of security to the message, making it more believable.  

To evade detection by traditional cybersecurity tools, the phishing email contained a link that redirected the recipient through multiple legitimate services. The first redirection leads to an Amazon Web Services click-tracking service, followed by redirection to an ordinary file-hosting site. These layers of redirection serve to evade potential anti-malware detection. Ultimately, the link leads to a .ZIP file containing malicious files designed to trigger the download of the Remcos remote access Trojan (RAT), a malware capable of granting attackers the same level of privileges over the victim’s computer as the victim. 

Obviously, the timing of this attack is no coincidence. Cybercriminals strategically initiated the campaign in February, coinciding with the busiest time of year for accountants and finance professionals. They recognized that professionals working long hours and responding to numerous emails late at night might be more susceptible to making mistakes or clicking on malicious links.  

Fortunately, Conceal’s secure browser extension, ConcealBrowse, can play a vital role in protecting users. ConcealBrowse acts as a proactive security layer, making real-time decisions about the security risk associated with internet use and automatically isolating risky transactions without interrupting the user. It opens risky sites in an isolated environment, ensuring that no malicious code or files are ever executed on the user’s device. Multiple browser redirect strategies like the one implemented in this attack cannot evade detection by ConcealBrowse, as every URL loaded into the browser is checked in real-time. So, even if the first malicious URL is the third in a series of redirects, ConcealBrowse will identify the URL as malicious and take appropriate action. 
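The per-hop checking described above, together with the domain-registration indicator from the spear phishing alert, can be sketched as follows. This is an added example, not Conceal's code: the hostnames, registration dates, 30-day threshold and risky file suffixes are constructed assumptions, and the lookup tables stand in for a threat-intelligence feed and a WHOIS/RDAP query.

```python
from datetime import date
from urllib.parse import urlsplit

# Constructed data. Hostnames use the reserved .example TLD; the dates stand in
# for a WHOIS/RDAP lookup and the blocklist for a threat-intelligence feed.
BLOCKLIST = {"known-bad.example"}
REGISTERED_ON = {
    "click.tracker.example": date(2014, 5, 1),
    "files.host.example": date(2011, 9, 12),
    "news.mailer.example": date(2009, 2, 3),
    "portal-signin.example": date(2023, 4, 3),
}
NEW_DOMAIN_DAYS = 30                       # assumed "recently registered" threshold
RISKY_SUFFIXES = (".zip", ".iso", ".msi")  # assumed risky download types

ALLOW, ISOLATE, BLOCK = "allow", "isolate", "block"
SEVERITY = {ALLOW: 0, ISOLATE: 1, BLOCK: 2}


def assess_hop(url, today):
    """Return (verdict, reason) for one URL, using metadata rather than reputation alone."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in BLOCKLIST:
        return BLOCK, "host is on the blocklist"
    registered = REGISTERED_ON.get(host)
    if registered is None:
        # Unknown is not the same as good: isolate rather than allow.
        return ISOLATE, "no registration data for host"
    age = (today - registered).days
    if age < NEW_DOMAIN_DAYS:
        return ISOLATE, f"domain registered {age} days ago"
    if parts.path.lower().endswith(RISKY_SUFFIXES):
        return ISOLATE, "archive or installer download"
    return ALLOW, "no risk indicator"


def assess_chain(chain, today):
    """Assess every hop; the chain verdict is the most severe hop verdict.

    Reputable early hops never vouch for what comes after them.
    """
    hops = [(url,) + assess_hop(url, today) for url in chain]
    verdict = max((h[1] for h in hops), key=SEVERITY.get, default=ISOLATE)
    return verdict, hops


TODAY = date(2023, 4, 10)  # fixed so the sample output is reproducible

# Constructed chain shaped like the tax-season campaign:
# click tracker -> file-hosting page -> .zip download.
TAX_CHAIN = [
    "https://click.tracker.example/r?id=1",
    "https://files.host.example/share/7f3a",
    "https://files.host.example/dl/2022-documents.zip",
]

# Constructed chain shaped like the spear phishing case:
# reputable mailing service -> recently registered login page.
SPEAR_CHAIN = [
    "https://news.mailer.example/t/abc",
    "https://portal-signin.example/login",
]

if __name__ == "__main__":
    for name, chain in (("tax", TAX_CHAIN), ("spear", SPEAR_CHAIN)):
        verdict, hops = assess_chain(chain, TODAY)
        print(name, "->", verdict)
        for url, hop_verdict, reason in hops:
            print(f"  {hop_verdict:8} {url}  ({reason})")
```

Keying the lookups on the full hostname keeps the sketch short; a production check would reduce each host to its registrable domain with a public-suffix list first.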

The Remcos RAT phishing campaign serves as yet another reminder of the evolving tactics used by cybercriminals to exploit vulnerabilities in human behavior. With the use of social engineering and multiple URL redirections, attackers can bypass traditional security measures. However, ConcealBrowse can provide a robust extra layer of defense against such attacks. As Tax Day approaches, we urge individuals and organizations to exercise caution and utilize tools like ConcealBrowse to mitigate the risk of falling victim to cyber-attacks. Click here to sign up for a live demo of ConcealBrowse and see how it can help protect your organization today. 


Tech Spotlight: ConcealBrowse Dashboard – Enhancing Visibility and Security Control

In today’s digital landscape, organizations are continuously exposed to threats that can bypass traditional security controls. ConcealBrowse offers a comprehensive solution that provides security against malicious activity that may go undetected by other security measures. Additionally, the corresponding dashboard provides enhanced visibility and insights into activities that may go unnoticed by other tools. In this tech spotlight blog, we’ll explore the features of the ConcealBrowse Dashboard and discuss how it can help organizations improve their security posture.

ConcealBrowse Dashboard Features

The ConcealBrowse Dashboard offers a range of reports and graphs that provide valuable insights into isolated sessions and user behavior. Some of these include:

Isolated Sessions: This report displays a detailed view of all isolated sessions, allowing security teams to monitor and assess potential threats effectively.

Top Isolated Entities: This report highlights the most frequently isolated URLs, enabling organizations to identify high-risk areas and prioritize corresponding remediation efforts.   

Highest Isolated Sessions: This report ranks users or devices based on their number of isolated sessions, helping security teams identify targeted individuals or those who may require additional training.


Visualizing Security Data

The ConcealBrowse Dashboard offers various graphs that enable organizations to visualize and analyze security trends effectively. Some key visualizations include:

Trend of Isolated Sessions: This graph displays the overall trend of isolated sessions over time, helping organizations identify patterns and respond proactively to emerging threats.

Number of Isolated Sessions: This visualization provides a clear overview of the total number of isolated sessions, allowing security teams to gauge the effectiveness of their security measures.

Isolated Sessions per Day: This graph shows the daily count of isolated sessions, enabling organizations to track and manage security incidents more effectively. 

OS and Browsers Hooked Up: This visualization offers insights into the operating systems and browsers connected to the ConcealBrowse platform, helping organizations tailor their security strategies according to the specific technologies in use.

Enhancing Security Through Visibility

The ConcealBrowse Dashboard provides organizations with the visibility needed to identify and respond to security threats that might bypass conventional security controls. By offering comprehensive insights into isolated sessions and user behavior, the dashboard enables organizations to optimize their security measures, identify targeted individuals, and provide additional training where necessary.


In an increasingly complex threat landscape, organizations must remain vigilant and adopt security solutions that provide comprehensive visibility into their digital environments. The ConcealBrowse Dashboard offers a powerful solution to help organizations stay ahead of potential threats and maintain a robust security posture. By leveraging the dashboard’s advanced features and visualizations, security teams can make informed decisions and protect their organizations from emerging risks.


Conceal Threat Alert: Increased Phishing Attacks on Collaboration Platforms Highlight the Importance of Zero-Trust Browser Protection

Phishing attacks have long been a serious threat to businesses, but recent reports indicate that the problem is becoming even more pervasive. Email remains a primary target, but attackers are also expanding their focus to collaboration platforms such as Slack and Microsoft Teams. With the shift to hybrid work environments, these platforms have become popular avenues for exploitation by opportunistic cybercriminals. As a result, companies are grappling with a growing threat surface, and many feel vulnerable to attacks delivered through their collaboration tools.

The Growth of Attacks from Non-Email Platforms

Traditionally, email has been the primary attack vector for phishing and other messaging-based attacks. However, recent data from the “State of Email Security” (SOES) report published by Mimecast indicates that newer collaboration technologies are also being targeted. In the past 12 months, 97% of companies surveyed experienced at least one email phishing attack, and three-quarters expected to incur significant costs from email-based attacks. Most concerning, however, is the increase in cyberattacks via collaboration platforms. Nearly three-quarters of companies surveyed feel it is likely or extremely likely that their company will suffer an attack delivered through their collaboration tools.

This threat is only exacerbated by the fact that attacks on messaging and collaboration software are a growing source of compromise. The Anti-Phishing Working Group detected 1.3 million phishing attacks in the third quarter of 2022, up from 1.1 million attacks in the second quarter. Cybercriminals are getting more sophisticated, with 19% of phishing attacks successfully bypassing platform defenses.

While email remains a key attack vector, collaboration tools provide a new and expanding threat surface for bad actors. Companies in various industries, including consumer services, energy, healthcare, and media and entertainment, are particularly susceptible to these threats.

Zero-Trust Web Browser Protection with ConcealBrowse

Given the evolving threat landscape, it is essential for businesses to implement zero-trust web browser protection tools like ConcealBrowse. Designed to create a worry-free user experience, ConcealBrowse detects, defends, and isolates malicious and unknown internet activity across all applications, providing robust protection for users.

ConcealBrowse proactively gauges risky internet traffic and determines one of two routes: allowing known “good” URLs to continue on their normal path, blocking it, or opening it in an isolated cloud environment where malicious files and code are not run on the user’s device. Importantly, ConcealBrowse makes proactive decisions about the security risk associated with internet use and automatically isolates risky transactions without interrupting the user experience. 

By implementing ConcealBrowse, organizations can effectively defend against phishing attacks targeting not only email but also collaboration platforms. It automatically detects risky internet activity, defends and isolates network and endpoint information, and reduces expenses related to detection, prevention, and response.


In the era of hybrid work and digital collaboration, the threat of phishing attacks is only growing. Cybercriminals are increasingly targeting collaboration platforms, leaving businesses at risk of significant financial and reputational damage. To defend against these evolving threats, businesses must adopt zero-trust web browser protection solutions like ConcealBrowse. With its ability to proactively detect and isolate malicious activity, ConcealBrowse provides a robust line of defense that keeps enterprise users safe and preserves the integrity of their digital assets. Click here to schedule a demo of ConcealBrowse today.

Written By: Conceal Research Team


The Growing Impact of Cybersecurity on Credit Ratings: What Companies Need to Know

As cybersecurity becomes an increasingly vital aspect of a company’s operations, credit rating agencies are beginning to incorporate cybersecurity factors into their evaluations of corporate creditworthiness. This shift highlights the growing importance of strong cybersecurity practices in maintaining a company’s financial stability and reputation. In this blog post, we will discuss how credit rating agencies are now considering cybersecurity in their assessments and what companies can do to improve their cyber risk management. 

Cybersecurity as a Credit Rating Factor

A recent report by The Washington Post revealed that credit rating agencies such as Moody’s, S&P Global Ratings, and Fitch Ratings are increasingly looking at a company’s cybersecurity posture when determining credit ratings. This move follows a growing trend of cyberattacks targeting corporations, which have led to significant financial losses and reputational damage for the affected businesses.

Companies that have suffered major cybersecurity incidents, such as data breaches or ransomware attacks, are now more likely to see their credit ratings downgraded. This can lead to higher borrowing costs and a reduced ability to access capital markets. On the other hand, companies with robust cybersecurity practices may receive more favorable credit ratings, potentially lowering their cost of capital and increasing their attractiveness to investors. 

How can companies protect their bottom line?

To effectively incorporate cybersecurity factors into credit ratings, agencies are increasingly relying on cyber risk assessments. These assessments aim to evaluate a company’s cyber risk exposure and its ability to prevent, detect, and respond to cyber threats. Credit rating agencies may also consider the potential financial impact of a cyber incident on a company’s balance sheet, cash flow, and overall creditworthiness. 

The Post report notes that small and medium-sized businesses are the least likely to invest enough in cybersecurity measures. Tools like ConcealBrowse can provide tremendous bang for the buck, providing critical missing coverage over an entire organization at a manageable cost.

Given the growing importance of cybersecurity in credit ratings, companies must prioritize cyber risk management in their overall business strategy. Here are a few steps businesses can take to enhance their cybersecurity posture: 

  1. Implement a comprehensive cybersecurity framework: Companies should adopt a recognized cybersecurity framework, such as the NIST Cybersecurity Framework or the ISO/IEC 27001 standard, to guide their cybersecurity policies and procedures.
  2. Embrace zero-trust principles wherever possible: Employees are often the weakest link in any cybersecurity program. While training and awareness programs can reduce the chances of falling victim to phishing or other types of trust-based attacks, invest in solutions like ConcealBrowse that take decisions on trust and risk assessment out of the hands of the end user.
  3. Regularly assess cyber risk exposure: Conducting regular cyber risk assessments can help organizations identify vulnerabilities and gaps in their cybersecurity defenses, allowing them to take appropriate remedial actions.
  4. Collaborate with industry peers and government agencies: Sharing information on cyber threats and best practices with other companies and government organizations can help businesses stay ahead of emerging cyber risks.
  5. Engage with credit rating agencies: Companies should proactively engage with credit rating agencies to understand their cybersecurity expectations and communicate their efforts to address cyber risks.


The incorporation of cybersecurity factors into credit ratings highlights the growing recognition of cyber risk as a significant business concern. Companies that prioritize cyber risk management and demonstrate robust cybersecurity practices are more likely to receive favorable credit ratings, which can have tangible benefits in terms of lower borrowing costs and increased investor confidence. By taking proactive steps to improve their cybersecurity posture, businesses can better position themselves for long-term success in an increasingly interconnected and cyber-risky world.

To find out more about how ConcealBrowse can make your business more secure and less risky to creditors and investors, click here to schedule a demo today.


Conceal Threat Alert: SVB Opportunistic Phishing Attacks

As all security professionals know, phishing attacks are a constant threat.

Cybercriminals are relentless in their efforts to deceive individuals into revealing sensitive information, and the consequences can be devastating. March 2023 witnessed a prime example of how a crisis can create a ripe environment for phishing campaigns to thrive. The collapse of Silicon Valley Bank (SVB) and the subsequent phishing attacks targeting its customers offer a cautionary tale and highlight the importance of zero-trust protection measures.

SVB, a major U.S. bank known for providing financial services to some of the largest tech investors and startups, collapsed on March 10, 2023. Federal regulators under the control of the Federal Deposit Insurance Corporation (FDIC) took over the bank after depositors rushed to withdraw billions of dollars in deposits. The financial crisis garnered worldwide attention and created an atmosphere of chaos and stress that cybercriminals naturally sought to exploit. Amid the bank’s collapse, a series of phishing campaigns impersonating SVB began to emerge. A recent article in Cybersecurity Magazine analyzed SVB-related phishing attacks and noted that the ongoing banking crisis is likely to provide more opportunities for attackers as more banks become stressed and fail.

In the context of online financial services, phishing attacks can involve fake login pages or emails that impersonate legitimate financial institutions. Unsuspecting victims may provide sensitive information, such as login credentials or financial data, to these fake websites. This information can then be used for criminal activities like identity theft or financial fraud. In fact, the credentials themselves can have tremendous value on the open market, with verified admin accounts in some cases being sold for up to $120,000. In some cases, victims are redirected to the real site, giving them the impression that they are interacting with the legitimate institution while providing their credentials to attackers.

Attackers in the SVB phishing campaign created domains that closely resembled SVB’s name, often containing minor variations and financial terms to lure individuals into clicking on malicious links. More than 90 new domains were registered for use in attacks against targets, mainly in the U.S. The report identified one Turkish attacker that began utilizing a fraudulent domain within a few hours of its registration.
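A defender watching a feed of newly registered domains can triage for the pattern described above: the brand name, or a minor variation of it, combined with financial terms. The following is an added example, not code from the report or from Conceal; the finance word list, the one-edit typo tolerance, the sample domains and the `svb.example` placeholder for the bank's official domain are all constructed assumptions.

```python
import re

BRANDS = ("svb", "siliconvalleybank")     # brand strings named in the article
FINANCE_TERMS = ("bank", "claim", "deposit", "fdic", "login", "refund", "wire")  # assumed list
OFFICIAL = {"svb.example"}                # placeholder for the bank's real domains
FUZZY_MIN_LEN = 8                         # typo-match only long brand strings


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_brand(squashed):
    """Return (kind, start, end) of a brand match inside the label, or None."""
    # Exact substring first, longest brand first.
    for brand in sorted(BRANDS, key=len, reverse=True):
        pos = squashed.find(brand)
        if pos != -1:
            return "exact", pos, pos + len(brand)
    # Minor variations: slide a window over the label and allow one edit.
    # Short brands are skipped because one edit on three letters matches noise.
    for brand in BRANDS:
        if len(brand) < FUZZY_MIN_LEN:
            continue
        for width in (len(brand) - 1, len(brand), len(brand) + 1):
            for start in range(len(squashed) - width + 1):
                if edit_distance(squashed[start:start + width], brand) <= 1:
                    return "typo", start, start + width
    return None


def triage(domain):
    """Return a finding for a newly registered domain, or None if it is not brand-like."""
    domain = domain.lower().rstrip(".")
    if domain in OFFICIAL:
        return None
    label = domain.split(".")[0]             # assumes a bare registered domain as input
    squashed = re.sub(r"[^a-z]", "", label)  # drop hyphens and digits before matching
    hit = find_brand(squashed)
    if hit is None:
        return None
    kind, start, end = hit
    # Look for finance terms only outside the matched brand, so the "bank" in
    # "siliconvalleybank" does not count as a lure term by itself.
    rest = squashed[:start] + " " + squashed[end:]
    terms = [t for t in FINANCE_TERMS if t in rest]
    return {
        "domain": domain,
        "match": kind,
        "terms": terms,
        "priority": "high" if terms else "medium",
    }


# Constructed sample feed of newly registered domains.
SAMPLE_FEED = [
    "svb-claims.example",
    "siliconvaleybank-login.example",
    "mysvb.example",
    "gardening-tips.example",
    "svb.example",
]

if __name__ == "__main__":
    for d in SAMPLE_FEED:
        print(d, "->", triage(d))
```

Findings are candidates for analyst review rather than verdicts, since a three-letter brand string can also occur inside unrelated names.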


The aftermath of the SVB collapse and the ensuing phishing attacks underscore the necessity of proactive cybersecurity measures. In times of crisis, hackers often prey on fear and confusion, making it essential for individuals to remain vigilant. However, even with extreme vigilance and thorough cybersecurity training, crises like the SVB collapse can impair users’ judgment about messages related to the event. That is why it’s critical to remove the burden of judging risk from the user and put it in the hands of objective security tools like ConcealBrowse.

The browser-based phishing protection provided by ConcealBrowse is an indispensable tool in mitigating the risks of phishing attacks and safeguarding valuable information when end users don’t know who they can trust. The SVB phishing campaign serves as a reminder of the ever-present threat of phishing and the need for robust security measures. By utilizing tools like ConcealBrowse and staying informed about the latest cybersecurity threats, individuals and organizations can better protect themselves from falling victim to cybercriminals’ deceptive tactics. 

Click here to schedule a demo of ConcealBrowse today and see how it can keep your users safe from opportunistic attacks like these.

Written By: Conceal Research Team


How to Increase Your Profitability as an MSP

Maintain MSP Profitability in an Era of Economic Uncertainty

We know that, for a managed service provider, increased profitability is key to growth and success in the industry. As an MSP-first company, we have seen the following strategies increase MSP profitability:

Recurring Revenue

Capitalize on opportunities to offer services that generate recurring revenue. Examples of such services include managed security services. This approach reduces the need to strategize around one-time product work with a customer and lets you focus on a stable revenue stream instead.

Effective Operations

Effective operations come down to the tools and processes being leveraged to provide your services to a customer. When effective, these operations can increase productivity while reducing costs and minimizing errors. Effective operations can be achieved through automation, standardization of processes and procedures, and effective project management.

Competitive Pricing

If you are able to develop an optimized pricing model, you can maximize revenue while remaining competitive in the MSP market. A common mechanism for competitive pricing requires the MSP to leverage value-based pricing so that you can charge based on the value the service you are providing brings to the customer.

Service Expansion

Continuously invest in offering development so that you are offering the services that meet the needs of your customers. We see MSPs breaking into the security market, a relatively untapped market by MSPs to date. This allows an increase in revenue streams and provides the opportunity to both upsell and cross-sell to customers.

Strategic Partnerships

Investing in partners that complement the offerings, solutions and missions of your organization is key to expanding your service offering even further. As mentioned above, continuous offering development is key to ensuring you have the offerings your customers need. By investing in strategic partnerships, you can provide your customers with a more comprehensive solution.

Cost Management

To increase profitability, MSPs must manage and minimize costs. Determining unnecessary expenses and managing costs effectively are key to improving profitability. This optimization can be done by revisiting staffing levels, implementing cost-saving technology and ensuring the most beneficial vendor contracts.

Your Next Strategic Partner

Here at Conceal, we are invested in helping you implement a strategy that includes maximizing profitability. A strategic partnership with Conceal allows you, as an MSP, to expand your services while streamlining effective operations and investing in services that result in recurring revenue. Additionally, ConcealBrowse enhances your ability to manage cost by minimizing the need for user interaction. The lightweight implementation and operation of the browser plugin allows you to best protect your customers at the edge while also minimizing the resourcing needed to address alerts from the browser in the SOC.

ConcealBrowse offers a tremendous opportunity to provide innovative solutions that address the top two cyber threats affecting small and midsize companies: ransomware and credential theft. A simple, drop-in solution, ConcealBrowse can be easily added to existing security packages or be a stand-alone solution for companies that lack protection, allowing them to instantly add a security control that may have seemed out of reach with their existing security budget.

Position yourself for long-term growth and success by investing in a strategy that increases your overall profitability. Become a Conceal Partner today to start maximizing your profitability and expand your services to secure the edge.

phishing attack

Conceal Threat Alert: Phishing Attack Bypasses Traditional Controls, ConcealBrowse to the Rescue

Threat actors can be downright crafty, and motivated actors tend to take their attacks to the next level. So where does this leave employees who are targets of more sophisticated attacks? Many times, they are left to their intuition and, if they are lucky, any skills they have acquired through traditional awareness training. In other words, the security of the user, their device, and the organization is reliant on recalling information from their last awareness training session. Despite increased spend on baseline cyber security tools such as email gateways, web gateways, EDR solutions and awareness training, we continue to see an increase in successful attacks such as credential theft (phishing attacks that politely ask users for their login credentials) and ransomware. Below, we illustrate how ConcealBrowse successfully prevented a credential phishing attack that bypassed traditional security controls.

Anatomy of the Attack


[Image: phishing email]

The email above was sent from a legitimate and most likely compromised email address.  By sending from a real email account, the attackers evade common baseline checks such as SPF, DMARC and IP spoofing checks.  Next up, they worked on the message content, including legitimate Microsoft message content, images and prompts; this part of their attack helped evade technical content controls as well as build trust with the recipient.  In addition to the realistic content, the attackers also added some conversational banter at the bottom of the email (well past where normal humans would scroll!), which appears geared to improve deliverability.  The rest of their tactics continue to circumvent both human and technical detection by presenting authentic-looking URLs to websites that have been recently compromised and then ultimately using the compromised first hop to redirect the user to the credential theft site, which was hosted on a recently acquired domain.  

This example highlights a few of the techniques attackers use daily to evade existing controls and dupe users into action.  A recent report from security firm Cofense identified that 67% of emails reported by users led to credential theft webpages.  Additionally, they found that 52% of credential theft emails abuse the Microsoft brand and that 70% of reported credential theft emails bypassed secure email gateways.  With these staggering statistics, it is clear that even with best-in-class controls, employees are at a stark disadvantage to the well-funded adversaries whose mission is to gain access to their credentials to advance their nefarious activities further.
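The chain described above (a trusted sender, a compromised first hop, and a redirect to a login page on a newly registered domain) can be triaged from URL and page attributes alone. The Python below is an added example, not Conceal's code or part of the original article; the domains, registration dates, HTML, brand allow-list and 30-day threshold are all constructed assumptions.

```python
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data (not taken from the incident in the article).
CHAIN = ["https://blog.example-bakery.test/wp-content/r.php?id=7",  # compromised first hop
         "https://login-secure-portal.test/o365/"]                  # final landing page
REGISTERED = {"example-bakery.test": date(2016, 3, 1),
              "login-secure-portal.test": date(2023, 4, 28)}
LANDING_HTML = """<html><title>Sign in to your Microsoft account</title>
<form action="/post.php"><input type="email" name="u">
<input type="password" name="p"></form></html>"""
# Partial, illustrative allow-list of domains entitled to use the brand.
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "microsoftonline.com", "live.com"}}

class FormScan(HTMLParser):
    """Records whether the page contains a password input."""
    def __init__(self):
        super().__init__()
        self.has_password = False
    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.has_password = True

def site(url):
    # Naive registrable domain: last two labels (assumption; a production
    # check should use the public suffix list).
    return ".".join(urlparse(url).hostname.split(".")[-2:])

def triage(chain, registered, html, today, max_age_days=30):
    """Return risk findings. SPF/DMARC results are deliberately not an input:
    mail sent from a real, compromised account passes them."""
    findings = []
    first, last = site(chain[0]), site(chain[-1])
    if first != last:
        findings.append("cross-site redirect")
    reg = registered.get(last)
    if reg is None or (today - reg).days <= max_age_days:
        findings.append("new or unknown-age landing domain")
    scan = FormScan()
    scan.feed(html)
    if scan.has_password:
        findings.append("login form")
        for brand, domains in BRAND_DOMAINS.items():
            if brand in html.lower() and last not in domains:
                findings.append(f"{brand} brand on foreign domain")
    return findings
```

No single finding is conclusive; it is the combination of a login form, a brand mismatch and a young landing domain behind a cross-site redirect that justifies blocking credential entry.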

Anatomy of the Prevention

When the user clicked the link in the convincing and delivered email, ConcealBrowse was poised and ready to jump into action. As a browser extension, ConcealBrowse analyzed the URL and determined that some attributes of the page had unknown risk profiles and others displayed risk indicators, but overall, the page was not yet known to be malicious.  This is a perfect example of the nature of current web-based threats that crop up and disappear in a moving window of inherent risk that is simply not apparent to users and existing technical controls.

Once ConcealBrowse determined that it didn’t have a clear security posture verdict for the URL at that point in time, it seamlessly moved the webpage into isolation, instantly protecting the user from potential risk and allowing the page to be loaded and interacted with.  At this stage, ConcealBrowse was able to apply secondary security posture checks which identified a user authentication (login) form, which, in turn, triggered Conceal’s Credential Guard to evaluate the page for signs of credential theft.  Using AI modeling, ConcealBrowse was able to inspect the technical and visual attributes of the webpage to determine that it was a phishing webpage. At this point, ConcealBrowse protected the user session by preventing the end-user from entering data into the form and visually alerted that the page was attempting to steal their login information.  

The Result

Typically, these attacks don’t end so well, and organizations spend time and money cleaning up after the incident. In this case, the user was protected by ConcealBrowse; therefore, there was no incident. Instead, their security team inherited real-time telemetry about a credential theft website. Using Conceal’s integration framework, the customer was able to stream the telemetry into their SIEM and automatically update other controls to take advantage of this new information.

Regardless of how trustworthy your users think a link might be, ConcealBrowse scans every URL using state-of-the-art techniques and applies our proprietary threat identification model and computer vision to identify and block phishing attempts and malware downloads.

You can experience the power of our Zero-Trust at the Edge security model today by requesting a free ConcealBrowse trial or by scheduling a demo with our team of experienced security professionals.

Written By: Conceal Research Team