Browser-Based Threat Alert: ChatGPT May Be Causing More Harm Than Good

In the cybersecurity space, ChatGPT has already helped elevate threat actors' ability to deploy malicious attacks on a global scale

At first glance, ChatGPT seems like an ethical model, with responses programmed to refuse questionable inputs. Just this week, when asked how it could be used to write phishing emails and malicious code, it gave the following response:

“I cannot provide information or assistance on how to write phishing emails or malicious code. Engaging in such activities is unethical and illegal, and OpenAI has strict policies against providing information or assistance with malicious or harmful activities.

Phishing emails and malicious code can cause significant harm to individuals and organizations, and their use should be strongly discouraged. Instead, I encourage you to focus on ethical and legal uses of AI and technology that benefit society and promote positive outcomes.”

But once you look under the hood and learn how to phrase requests, threat actors are finding ways to leverage ChatGPT for malicious ends. So far, we can confidently point to ChatGPT's success in producing both social engineering campaigns and malware.

Social Engineering 

Recently we discussed in a blog post how phishing attacks are increasing in number and complexity; now there is a new concern. Beyond the phishing kits sold on the dark web, as discussed here, threat actors no longer even have to access the underground to obtain the materials needed for a successful social engineering campaign. While one has to be creative to avoid the canned response (“I’m sorry, but I cannot provide you with an example of a phishing email. Phishing emails are used to trick individuals into revealing their personal and financial information, and their use is illegal and unethical. It is not appropriate to use such examples for educational purposes”), researchers around the world have shown that the anticipated results can still be obtained. Also increasingly concerning is the language barrier, which has previously been an advantage for security teams: grammar mistakes and other subtle characteristics let users question the validity of an email, and fluently written output erodes that cue.

Malware

ChatGPT has been able to write “fairly decent malware,” according to many sources, in the early days since the platform's release. In cybersecurity forums around the world, the community has come together to talk through ChatGPT's ability to build software that can be used for spam, espionage, ransomware and more. In one instance, a forum user explained that ChatGPT was able to provide code that included encryption, decryption and code signing capabilities. In another forum, ChatGPT had successfully created crimeware: the user requested that ChatGPT create a bazaar for buying and trading compromised credentials on the dark web.

Addressing the Harm 

With malicious code and socially engineered content becoming easier to produce, organizations must be prepared to proactively protect against these changes to the threat landscape. Both increased quantity and increased sophistication should concern security teams as ChatGPT enables script kiddies around the world.

Now, more than ever, browser security will be paramount in an organization's cybersecurity strategy. Browsers can be targeted by attackers who use them to spread malware, such as viruses and Trojans. These infections can compromise the security of the device, steal sensitive information, and spread to other devices on the network. Protecting users when surfing the web, opening an email, or leveraging an application gives cybersecurity teams a level of assurance in their proactive protection abilities.

Learn how ConcealBrowse can be a part of your organization’s strategy to protect against the harm of ChatGPT by requesting a demo today. 

Conceal Threat Alert: Attackers Behind “Screenshotter” Malware Hit Tens of Thousands of Targets in US and Germany

On February 8th, Proofpoint reported on a new threat actor referred to as TA886, which it discovered targeting organizations in the United States and Germany using custom malware called “Screenshotter.” TA886 utilizes a few different initial attack vectors, all delivered via email. While one technique involved directly attaching malicious Microsoft Publisher files to the email, three other techniques relied on users to click on malicious links that would then be opened in the browser. 

The attackers drastically increased the scale of the attacks once they switched to the browser-based vectors, ramping up from a limited number of emails to a small group of companies with the initial Publisher attack vector, to tens of thousands of malicious emails per week with the browser-accessed URL vector.

Once these URLs are loaded, the Screenshotter malware takes screenshots of the victim’s machine and sends them back to the attacker’s server for review. The attackers evaluate the screenshots and decide whether the victim is of value, dropping additional custom payloads that can include a domain profiler script and an info-stealer named “Rhadamanthys” that is loaded into memory. Once these individual tools are loaded, the attackers can steal data and credentials from the machine and map out the victim’s network for possible future lateral movement.

How can modern browser protection solutions prevent this attack?

To prevent these types of attacks, organizations can use advanced browser protection technology like ConcealBrowse’s secure browsing plugin. This plugin blocks phishing and other malicious websites and prevents users from entering login credentials on fake login pages. The technology uses computer vision to detect and block phishing websites, as well as an advanced decision engine that identifies known and suspected malicious URLs so that they can be blocked.

ConcealBrowse’s secure browser extension identifies malicious links wherever they are clicked. This means users of ConcealBrowse are proactively protected from the malicious web sites containing the Screenshotter malware, regardless of whether they receive the link in the email or from another vector.

The discovery of TA886 and their Screenshotter malware highlights the need for organizations to use browser-hardening solutions like ConcealBrowse’s secure browser extension to protect against sophisticated attacks. With ConcealBrowse, organizations can prevent attackers from stealing sensitive information and reduce the risk of data breaches and financial loss.

Written by: Conceal Research Team

Customer Testimonial: The Power of ConcealBrowse – Protecting Organizations When Trusted Sites are Compromised

What happens when a trusted partner’s web site is compromised, and actions that your employees believe to be safe no longer are? A recent incident reported by one ConcealBrowse customer highlights the importance of having effective browser protection in place and the benefits of using ConcealBrowse.

An employee of the company attempted to log into one of their partner’s websites, but attackers had compromised the partner site and replaced a link the customer routinely used with a link to a malicious website. ConcealBrowse identified that the link was malicious and isolated it so that it couldn’t affect the customer’s network.  The security team was able to use the telemetry data generated by ConcealBrowse to do a follow-up investigation and notify the affected partner that their website was compromised.

How does ConcealBrowse protect users when trusted sites are compromised?

ConcealBrowse checks the reputation of websites against a constantly updated database of known malicious sites and suspicious domains, ensuring that users are protected against the latest threats. We then use machine learning and computer vision to detect and block phishing websites in real-time. By analyzing the website’s content and behavior, ConcealBrowse can identify signs of compromise and alert the user before they become a victim.

In addition to its anti-phishing capabilities, ConcealBrowse also provides browser-based protection against malware, spyware, and other forms of cyber threats. This comprehensive approach to cybersecurity helps to keep our customers’ sensitive information and systems safe from attack.

Phishing attacks are becoming more sophisticated, and traditional methods of protection such as email-based anti-phishing software and user training are no longer enough. That is why having ConcealBrowse’s browser-based security solution is essential for companies looking to protect themselves from these types of attacks.

Our customer’s recent experience highlights the importance of having effective anti-phishing software in place, and the benefits of using ConcealBrowse. Our software provides real-life protection against phishing attacks, helping companies to keep their sensitive information and systems safe from harm.

If you would like to learn more about how ConcealBrowse can protect your company from phishing, ransomware, and other browser-based attacks, schedule a demo today.

Phishing Attacks Evade Traditional Security Defenses

Native security is no longer sufficient, requiring organizations to invest in a new approach, a Zero Trust model.

We talk a lot about the growing sophistication of the threat landscape and attack vectors. Part of these advancements is the threat actors’ ability to bypass security defenses built around the specific signatures and characteristics that traditional phishing attacks possessed.

Dissecting the Success of Phishing Attacks

Phishing campaigns are successful for two key reasons: people and process. It is the combination of these two components of a phishing campaign that has led to the shortcomings of traditional security tools and measures.

People

The traditional tells of a phishing attack, such as grammar errors, misspellings, unfamiliar email addresses, and unusual requests, no longer exist. Instead, a single lapse in judgment is enough for a user to fall victim. Traditional security training does not give users the degree of awareness needed to spot a twenty-first-century phishing campaign. Spoofed email addresses, brand impersonation, and fake browser updates all seem legitimate at first and second glance. Phishing attack cues are evolving.

Process

Today, the legitimacy of the channels through which phishing attacks arrive makes bypassing traditional security defenses a rather easy feat. Email, web browsers, and social media applications have complicated the security measures required to detect and respond to phishing attacks. Running a phishing campaign requires little expertise, making it an easy attack vector for amateur threat actors to leverage. The technical knowledge needed to deploy a phishing attack is minimal, and with entire phishing kits for sale at low cost on the dark web, the sheer quantity of attacks continues to rise.

Traditional Defenses Are Not Enough

As explored above, the traditional approach to protecting against phishing is unlikely to succeed. It is the combination of convincing users that the correspondence is legitimate and dodging traditional security measures that escalates the severity and success of phishing attacks in 2023. Instead, organizations need to invest in technical controls suited to a sophisticated social engineering landscape.

Change in Approach

To protect against phishing attacks in 2023, activity needs to be judged on an instance-by-instance basis: every email link clicked, every Google Chrome update, every URL visited needs to pass through its own filters. The zero-trust model is critical to minimizing the success of social engineering attacks. Under this model, only proven-safe activity is trusted. In cybersecurity terms, this is similar to a whitelist approach. The issue with a whitelist approach is that employees still need to complete their responsibilities with ease, without constantly bumping against the whitelist. As a result, a modified approach to filtering is needed: recognized whitelist activity continues as usual, while additional questioning and isolation are applied to new traffic. Beyond the additional security this approach provides, it also gives employees confidence and comfort that they are being cyber smart without having to second-guess every click on the company network.

Here at Conceal, our browser exists to bring this zero trust approach to life at the edge.  To find out how we can help you change your approach to address phishing and other social engineering attacks on the web, request a demo today.

Conceal Threat Alert: Reddit Internal Systems Compromised by Targeted Phishing Attack

On February 9th, Reddit reported a security incident that resulted from a sophisticated and highly-targeted phishing attack. The attacker sent out plausible-sounding prompts to Reddit employees that pointed them to a website that cloned the behavior of the company’s intranet gateway, to steal credentials and second-factor tokens. After successfully obtaining a single employee’s credentials, the attacker gained access to internal documents, code, and internal business systems.

Reddit reported that their investigation so far has shown that user passwords and accounts are safe, and that the primary production systems, which run Reddit and store the majority of its data, have not been breached. However, the exposure included contact information for company contacts and employees (current and former), as well as advertiser information.

Reddit’s security team responded quickly to the incident, removing the infiltrator’s access, and commencing an internal investigation. The company reported that its response includes training employees to improve their security skills, reminding users to set up two-factor authentication (2FA) and to use a password manager to protect their accounts.

ConcealBrowse’s browser-based phishing protection extension could have helped prevent this attack. The anti-phishing capabilities built into ConcealBrowse can identify phishing sites using computer vision and machine learning algorithms in addition to threat intelligence and domain name risk assessments. When ConcealBrowse identifies a potentially dangerous site, it opens it in an isolated environment outside of your network. Phishing sites are then identified, and users are blocked from inputting credentials or providing personal information. By adding an extra layer of security to the browsing experience, ConcealBrowse protects users from falling victim to phishing attacks, even when the emails and websites look legitimate.

How could Conceal’s browser isolation and advanced phishing protection have prevented this attack?

Reddit’s recent security incident serves as a reminder of the importance of being vigilant and proactive about online security. By taking simple measures such as setting up 2FA and using a password manager, risk can be reduced. However, this incident proves it only takes one user making the wrong decision to cause severe reputational and monetary damage to your company. By adding ConcealBrowse’s browser-based phishing protection extension, your company can take the responsibility for stopping phishing out of the hands of the user.

Click here to sign up for a free trial of ConcealBrowse to see for yourself how you can protect your company from expensive, reputation-damaging phishing attacks.

Written by: Conceal Research Team

Making the Most Out of 2023 Cyber Budgets

Minimize risk at the application layer with an affordable secure browser solution 

Recently, a study released by Neustar International Security Council found that only half of responding companies currently have the necessary budget to address their cybersecurity needs.  With the increased sophistication of the threat landscape combined with the global focus on protecting against cyber threats, especially ransomware, the lack of sufficient budget is a growing concern for the cybersecurity community.  

Furthermore, the study found that only 11% of responding organizations had enough budget to cover their most critical assets.  Securing critical assets is a fundamental responsibility of a cybersecurity program.  Without enough of a budget to cover for this need, organizations are going to need to get creative in their 2023 approach to establishing a sufficient cybersecurity posture to protect crown jewels.  

Getting the Most Bang for Your Buck 

A cost-conscious cybersecurity strategy requires organizations to think outside the box when developing their 2023 roadmap. The onion, or multi-layer, approach to cybersecurity allows organizations to look at ways to proactively defend their network at different layers. The Open Systems Interconnection model, better known as the OSI model, is a popular framework used to maximize the multi-layer approach, breaking down the network by layers of communication and data exchange. Investing at each layer may not be feasible in 2023, but ensuring that an organization gets the most out of the investments it does make will be crucial to maximizing security.

The seven layers of the OSI model are the physical, data link, network, transport, session, presentation and application layers. Protection at each layer adds a unique barrier that a bad actor must get through to reach, and wreak havoc within, an environment, and it adds safeguards if threat actors are able to bypass the preceding layer(s). Among the most concerning risks on the horizon for 2023 are the continued threats of ransomware and credential theft. Minimizing the initial threat vectors associated with these risks will be crucial for organizations minimizing their security risk with constrained budgets. Luckily, there are solutions that can address these top risks while providing security at multiple layers of the OSI model.

Your Affordable Secure Browser Solution

Securing your network at the edge can minimize significant cybersecurity risk due to its breadth and depth when properly deployed. ConcealBrowse is your cost-effective and frictionless secure browser solution. A lightweight browser extension, ConcealBrowse converts any browser into a Zero Trust, secure browser, stopping ransomware and credential theft that bypass other security controls. Deployed in minutes and seamless to the user, Conceal protects your employees where it matters most, at the edge. This approach minimizes continued concerns of ransomware and credential theft while providing protection at multiple layers. By securing your web browser, ConcealBrowse provides security at the application layer, and by isolating potentially malicious sessions through our dynamic routing network, the presentation, session, transport and network layers also receive a degree of security.

To find out how our affordable secure browser solution can help you maximize your investment in security at the edge, schedule a demo today.

Conceal Threat Alert: Data Breach at MailChimp

Security reporter Graham Cluley recently reported on a data breach at the email newsletter service Mailchimp, which resulted in the exposure of customer data. However, this breach affects more than just Mailchimp customers. Even if you are not a Mailchimp customer, you may still be impacted by the breach.

Sportsbook and betting website FanDuel (like many, many other companies) outsourced its newsletter management to Mailchimp, which meant Mailchimp took responsibility for securing FanDuel’s customers’ email addresses and other personal data. Unfortunately, the company failed in its responsibility, leading to a security breach that impacted several of its clients, including FanDuel.

FanDuel has since sent warnings to its customers, informing them that their names and email addresses were exposed in the breach. However, no other personal information, such as passwords or financial information, was acquired.

The exposure of customers’ names and email addresses in the Mailchimp data breach is not just a minor inconvenience, however. The information that was acquired by the unauthorized actors could be used in targeted and personalized phishing attacks aimed at FanDuel users. Cybercriminals could create convincing-looking phishing emails that may trick unsuspecting users into revealing more information, such as their passwords.

How can we get better at phishing protection?

Phishing attacks are becoming increasingly sophisticated and can be difficult to detect. The use of the customer’s name and email address in the phishing email makes the attack even more convincing and increases the likelihood of the user falling for the scam. The cybercriminals could use the stolen information to send emails that appear to be from FanDuel, asking the recipient to provide additional personal or financial information. Fortunately, ConcealBrowse has advanced anti-phishing protection that identifies phishing sites using computer vision and machine learning, and stops users from providing their personal information.

Because phishing attacks are only successful if the victim is convinced a phishing site is legitimate, common advice to protect against phishing attacks is focused on user education and behavior. This includes being vigilant when receiving emails that ask for personal or financial information, even if they appear to be from a trusted source. Additionally, victims are urged to be cautious of any suspicious or unexpected emails, and not click on any links or download any attachments from unknown or untrusted sources. While all of this is solid advice, the fact remains that users will make bad decisions and provide information to phishing sites if they are forced to rely on their own judgment. ConcealBrowse’s secure browser anti-phishing solution removes that burden from users.

The Mailchimp data breach highlights the importance of protecting personal information and utilizing advanced phishing protection and browser security solutions. User education and email client-based phishing protection simply aren’t good enough. Click here to sign up for a free ConcealBrowse account and start protecting your company from sophisticated phishing attacks like this one today.

Written by: Conceal Research Team

Traditional Endpoint Protection Platforms Are No Longer Sufficient

Endpoint protection is a critical component of any organization’s cybersecurity strategy. It involves the use of software and hardware solutions to protect the various endpoint devices within a network, such as laptops, servers, and mobile devices, from cyber threats. Protection at the endpoint is even more important in the age of remote work and bring-your-own-device IT policies when endpoints frequently have access to sensitive applications and data while being outside the protection of traditional network-based security solutions.

Endpoint protection platforms (EPPs) have evolved to include advanced features such as real-time threat detection and response, machine learning-based malware detection, and cloud-based management. These solutions are designed to detect and respond to a wide range of cyber threats, including malware, ransomware, and phishing attacks.

Current Shortcomings of Endpoint Protection Platforms (EPPs)

Despite recent advancements in endpoint protection, there are still several shortcomings that organizations need to be aware of:

  1. Ineffective: EPPs are only as effective as their ability to detect and respond to new and emerging threats. As a result, with the constant evolution of cyber threats, it can be difficult for EPPs to keep up and provide adequate protection.
  2. Resource Intensive: Endpoint protection solutions can be resource-intensive and negatively impact the performance of devices they protect. This can be especially problematic for organizations with limited IT resources. EPPs typically have extensive setup and configuration requirements and require a considerable time investment from already overstretched security and IT teams.
  3. Limited Protection: EPPs can sometimes be bypassed by sophisticated attackers or even by users who may unknowingly download malware or fall for phishing scams. They rely on users to make good decisions to prevent certain attacks. For example, if an employee receives an email that appears to be from their bank and it requests personal information, they may provide it without realizing it’s a phishing scam. In this case, the EPP may not detect the threat because it is disguised as legitimate communication. In short, while EPPs are a critical component of an organization’s cybersecurity strategy, they are dependent on human decisions that are frequently affected by misplaced trust.

An Emergent Solution

As organizations have increasingly come to see that EPPs cannot provide a holistic security solution, a new class of “enterprise browsers” and browser-based security solutions has taken off and gained attention from investors. While most do provide an additional layer of protection, they simultaneously increase the complexity of the IT environment on top of the complexity already introduced by the EPPs. Still, these solutions can help address some of EPPs' shortcomings by enforcing zero-trust concepts and removing from users the burden of judging which links and files are safe to click.

ConcealBrowse is the newest entry in this emerging class of solutions. Instead of introducing a new layer of IT complexity, ConcealBrowse provides plug-and-play protection via an easy-to-manage browser extension. ConcealBrowse transparently checks every link and every web site a user visits with both historical and predictive intelligence about URLs. Dangerous activity is blocked, while risky sites and applications are opened in a cloud-based isolated browsing environment where they can’t access your devices or network. ConcealBrowse can fill in the gaps left by EPPs in a package that is easy to manage and affordable to deploy across an organization.
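As an added illustration of the allow/block/isolate policy described here and in the “Change in Approach” section of the phishing post above (sanctioned allowlist traffic passes, known-bad destinations are blocked, everything unknown is opened in isolation), the Python below is example code written for this page, not ConcealBrowse's decision engine. The lists, lookalike heuristics and threshold are constructed placeholders standing in for historical and predictive intelligence.

```python
"""Tiered URL disposition: allow the known-good, block the known-bad, isolate the unknown."""
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address
from urllib.parse import urlsplit


class Disposition(Enum):
    ALLOW = "allow"      # recognised, sanctioned destination: passes untouched
    BLOCK = "block"      # known or confidently predicted malicious
    ISOLATE = "isolate"  # unknown: open in isolation, no credential entry


@dataclass(frozen=True)
class Verdict:
    disposition: Disposition
    reason: str
    score: int = 0


# Constructed placeholder lists; a real deployment would feed these from intelligence sources.
ALLOWLIST = {"intranet.example.com", "payroll.example.com", "docs.example.com"}
BLOCKLIST = {"malicious-example.test"}                          # "historical" intelligence
BRANDS = {"paypal", "reddit", "microsoft"}                      # names the lookalike check watches
BRAND_DOMAINS = {"paypal.com", "reddit.com", "microsoft.com"}   # where those names legitimately live
LURE_WORDS = {"login", "verify", "secure", "update", "account"}
BLOCK_THRESHOLD = 5   # predictive score at which "isolate" becomes "block"


def _host_matches(host: str, domains: set) -> bool:
    """True if host equals, or is a subdomain of, any domain in the set (suffix-safe)."""
    return any(host == d or host.endswith("." + d) for d in domains)


def _is_ip_literal(host: str) -> bool:
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def predictive_score(host: str, path: str) -> tuple:
    """Illustrative lookalike heuristics (assumed for this example, not a product's real engine)."""
    score, reasons = 0, []
    if _is_ip_literal(host):
        score += 3
        reasons.append("raw IP host")
    if host.count(".") >= 4:
        score += 1
        reasons.append("deep subdomain nesting")
    if host.count("-") >= 2:
        score += 1
        reasons.append("hyphenated lookalike host")
    # A brand name inside a host the brand does not own (after undoing common l/1 and o/0 swaps)
    flat = host.replace("-", "").replace("1", "l").replace("0", "o")
    if any(b in flat for b in BRANDS) and not _host_matches(host, BRAND_DOMAINS):
        score += 3
        reasons.append("brand name outside brand domain")
    if any(w in host or w in path.lower() for w in LURE_WORDS):
        score += 1
        reasons.append("credential-lure wording")
    return score, reasons


def decide(url: str) -> Verdict:
    """Apply the tiers in order: allowlist, blocklist, predictive score, default isolate."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return Verdict(Disposition.BLOCK, "unsupported scheme or empty host")
    if _host_matches(host, ALLOWLIST):
        return Verdict(Disposition.ALLOW, "allowlisted")
    if _host_matches(host, BLOCKLIST):
        return Verdict(Disposition.BLOCK, "blocklisted")
    score, reasons = predictive_score(host, parts.path)
    if score >= BLOCK_THRESHOLD:
        return Verdict(Disposition.BLOCK, "; ".join(reasons), score)
    # Zero-trust default: anything not proven safe is isolated rather than trusted.
    return Verdict(Disposition.ISOLATE, "; ".join(reasons) or "unknown destination", score)


if __name__ == "__main__":
    for u in ("https://payroll.example.com/timesheets",
              "https://paypal.com.verify-account-login.example.net/signin",
              "https://news.example.org/story",
              "http://10.0.0.5/update.exe"):
        v = decide(u)
        print(f"{v.disposition.value:8} score={v.score} {u}  ({v.reason})")
```

Note that a host such as `payroll.example.com.evil.test` does not match the allowlist because matching is done on whole labels, not on a substring.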

Click here to try out ConcealBrowse for free or schedule a demo so that we can show you how ConcealBrowse can drastically improve your cybersecurity posture.

Conceal Threat Alert: Government Employees Money Stolen through Targeted Phishing Campaign

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Multi-State Information Sharing and Analysis Center have released a joint advisory warning network defenders about the malicious use of legitimate remote monitoring and management (RMM) software against government employees to steal banking credentials.

In October 2022, CISA identified a widespread cyber campaign involving the malicious use of legitimate RMM software. Specifically, criminal actors sent phishing emails that led to the download of legitimate RMM software which the actors used in a refund scam to steal money from victim bank accounts.

In one technique, the actors sent an email that mimicked legitimate brands with a link to an actor-controlled website that provided an RMM install file pre-configured to connect to the actor’s servers. In another, they provided a phone number to call in the email, and upon calling the number the victim would be directed to one of the malicious web sites.

In both cases, the actor would then deceive the victim into logging into bank accounts while the actor monitored their actions remotely via the RMM software. The actor could then manipulate what the victim saw on their screen to convince them they had received an excessive refund, which the victim would then be directed to “correct” by sending the actor money.

The authors of the advisory assess that this campaign could lead to additional types of malicious activity such as selling victim account access to other cybercriminals or advanced persistent threat actors. This highlights the threat of malicious cyber activity associated with legitimate RMM software: after gaining access to the target network via phishing or other techniques, malicious actors are known to use legitimate RMM software as a backdoor for persistence and/or command and control (C2).

Once the RMM software has been installed by the victim and the attacker has gained their trust, there is little that existing solutions can do to prevent the attacker from stealing the data they are targeting. That is why it’s crucial to prevent the attack from its earliest stages, in this case – and in many others – when the user attempts to visit the malicious web site in their browser.

What’s the Best Browser Security for Phishing Protection?

We built ConcealBrowse because we know that more and more of a company’s employees are working and living inside the browser. Our advanced anti-phishing protection, combined with our intelligent decision engine, protects users from phishing attacks using a combination of intelligence and computer vision technology that identifies web sites mimicking real brands and blocks users from downloading files or entering their information on those sites. In this case, that means the RMM software would never have been downloaded by the potential victims in the first place.

If you’d like to see how ConcealBrowse can protect your business against phishing and ransomware attacks with our advanced browser protection, try ConcealBrowse for free today.

Written by: Conceal Research Team

Conceal Threat Alert: Re-used Passwords Result in Breach of 35,000 PayPal Accounts

American Banker recently reported on a massive credential stuffing attack that resulted in 35,000 PayPal accounts being breached. The attack exposed personal information including Social Security numbers and phone numbers.

Credential stuffing attacks use stolen user login IDs and passwords from various sources, including phishing attacks and credential-stealing malware, to programmatically attempt to log in to large numbers of user accounts. Even though the attacker steals credentials for one website, credential stuffing is often successful because people reuse the same credentials across multiple sites. This means attackers can conduct phishing attacks that mimic less sensitive web sites than financial ones like PayPal, then use those credentials to access more sensitive websites and steal money or more sensitive information.

While PayPal said it was unclear how the credentials used in this attack were obtained, they did say they have no evidence they came from PayPal systems and were “likely” from phishing.

PayPal didn’t report that any users lost money from the breach, but given the sensitivity of the personal information stolen, the attackers have gained some key tools for conducting follow-on attacks that could allow them to cause financial harm to the victims in the future.

How Can Companies Stop Credential Stuffing Attacks?

Credential stuffing is the culmination of a chain of attacks that each attempt to steal more and more sensitive information. The initial credentials can be obtained in various ways. In addition to phishing, credentials can also be purchased on the dark web or obtained in data theft operations against less secure targets. These credentials can then be used en masse in credential stuffing attacks against a wide array of web sites. Because so many accounts in so many places can be attacked in an automated fashion, at least some successes are almost guaranteed. With access to personal accounts, the attacker now has a database of personal information that they can use to conduct more targeted attacks with more valuable payouts.
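The credential stuffing pattern described here and in the earlier paragraph (many distinct accounts tried programmatically from one source, most attempts failing, with the occasional success being a likely account takeover) can be spotted in authentication logs. The Python below is an added example written for this page, not Conceal's software or PayPal's; the log format, thresholds and sample lines are constructed.

```python
"""Credential-stuffing detection over authentication logs (defender side)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log: one source spraying many accounts, one user retrying their own password.
SAMPLE_LOG = """\
2023-01-20T10:00:01Z auth src=203.0.113.7 user=alice result=FAIL
2023-01-20T10:00:02Z auth src=203.0.113.7 user=bob result=FAIL
2023-01-20T10:00:03Z auth src=203.0.113.7 user=carol result=FAIL
2023-01-20T10:00:04Z auth src=203.0.113.7 user=dave result=FAIL
2023-01-20T10:00:05Z auth src=198.51.100.4 user=ivan result=FAIL
2023-01-20T10:00:06Z auth src=203.0.113.7 user=erin result=FAIL
2023-01-20T10:00:07Z auth src=203.0.113.7 user=frank result=OK
2023-01-20T10:00:08Z auth src=203.0.113.7 user=grace result=FAIL
2023-01-20T10:00:09Z auth src=203.0.113.7 user=heidi result=FAIL
2023-01-20T10:00:20Z auth src=198.51.100.4 user=ivan result=FAIL
2023-01-20T10:00:40Z auth src=198.51.100.4 user=ivan result=OK
"""

# Assumed log line format for this example (timestamp, source address, account, outcome).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str
    user: str
    ok: bool


@dataclass(frozen=True)
class Alert:
    src: str
    window_start: datetime
    attempts: int
    distinct_users: int
    failures: int
    compromised: tuple  # accounts that succeeded from the flagged source after the spray began


def parse_log(text: str) -> list:
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrelated lines
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        events.append(Event(ts, m["src"], m["user"], m["result"] == "OK"))
    return events


def detect_stuffing(events, window=timedelta(seconds=60), min_users=5, min_fail_ratio=0.8) -> list:
    """Flag a source once it tries >= min_users distinct accounts, mostly failing, inside one window.

    A single user retrying their own password fails repeatedly but on one account, so it is not flagged;
    a stuffing run touches many accounts with a high failure ratio, which is the signal used here.
    """
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_src[e.src].append(e)
    alerts = []
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:  # slide the window forward in time
                start += 1
            win = evs[start:end + 1]
            users = {e.user for e in win}
            failures = sum(1 for e in win if not e.ok)
            if len(users) >= min_users and failures / len(win) >= min_fail_ratio:
                # Any success from this source after the spray began is a likely takeover to review.
                compromised = tuple(sorted({e.user for e in evs[start:] if e.ok}))
                alerts.append(Alert(src, evs[start].ts, len(win), len(users), failures, compromised))
                break  # one alert per source
    return alerts


if __name__ == "__main__":
    for a in detect_stuffing(parse_log(SAMPLE_LOG)):
        print(f"{a.src}: {a.distinct_users} accounts in {a.attempts} attempts "
              f"({a.failures} failed) from {a.window_start:%H:%M:%S}; "
              f"successful logins to review: {', '.join(a.compromised) or 'none'}")
```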

Because there are so many stages of these attacks and multiple ways that the credentials can be obtained in the first place, there’s no silver bullet solution to completely prevent them. For instance, two-factor authentication can often thwart the credential-stuffing stage of the attack, but this occurs after credentials have already been stolen. Using unique passwords for every account can also be effective. Several measures are required to secure customer data from other types of data theft attacks on servers.

All this makes the problem of protecting against these attacks sound daunting – and it is – but the key factor is that many of these attacks are possible because an earlier phishing attack was successful. ConcealBrowse’s advanced phishing protection sits at the beginning of the attack chain, the browser, and prevents attackers from obtaining credentials in the first place.

Head Off Credential Theft with Advanced Phishing Protection and Dynamic Remote Browser Isolation

Click here to sign up for a free ConcealBrowse account to see for yourself how ConcealBrowse can protect your company and employees from phishing attacks and malware. If the attackers can’t get your users’ credentials now, they can’t use them to steal sensitive data across the Internet later.

Written by: Conceal Research Team