Browser-Based Threat Report: Feb 5

Week of February 5th, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of February 5th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 575e16e99fc8d3ac02f853c6bed65238f23bd6013a7e2321b4c260a171ad5047

screenshot of homepage for a browser extension that was flagged by security vendors for malware, likely due to browser hijacking

This URL was detected by ConcealBrowse on February 2nd, 2024. It was flagged by four security vendors on December 4th and is still currently flagged by four vendors. ConcealBrowse intervened, assigning the page a 23% risk score due to potential malware.

This is the homepage for a browser extension that was flagged by security vendors for malware, likely due to browser hijacking. Browser hijacking occurs when software changes how your web browser interacts with websites. For example, it may change your home screen to a different search engine or redirect you to malicious websites. While in most cases it is more of a nuisance than nefarious, these types of extensions could easily redirect you to sites that could do more damage or steal your credentials.

Conceal recommendation: This URL and IP should be blocked with ConcealBrowse’s policies and by your other security tools. 

_____________

SHA-256: c81549a6aa1a44d1858feaab9d01060950658b929e39c257b9d2854dd76b1387

This URL was detected by ConcealBrowse on February 1st, 2024. It was originally detected by 4 security vendors the same day, and that number has not changed. ConcealBrowse intervened, assigning the page a 14% risk score due to suspicion.

Although the page has since been removed by Microsoft, this site hosted a tech support scam. Tech support scams claim that the user's computer contains malicious software or viruses and prompt them to call a number to have it removed. The people answering these numbers pretend to be Microsoft support, but their goal is to steal personal information and money from victims. Sometimes, these scams go as far as telling the user to download malware onto their machine so that they can be exploited again in the future.

Conceal recommendation: Although links may originate from legitimate organizations like Microsoft, they can redirect you to unofficial or malicious sites. Unless users verify that the final domain is the one that they intended to visit, they may be unaware of the attack. Solutions, such as ConcealBrowse, that analyze the final destination web page, are crucial in detecting and defending against threats that hide through redirects. 
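The final-destination check recommended above can be sketched as follows. This is an added example, not Conceal's code: the URLs, the response table, and the function names are constructed for illustration, and the redirect responses are embedded so the check runs offline.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed responses (not real traffic): URL -> (status, Location header).
CONSTRUCTED_RESPONSES = {
    "https://links.example.com/r?id=1": (302, "https://cdn.example.com/go"),
    "https://cdn.example.com/go": (301, "//alerts.example.net/warning/"),
    "https://alerts.example.net/warning/": (302, "index.html"),
    "https://alerts.example.net/warning/index.html": (200, None),
    "https://links.example.com/r?id=2": (302, "/account"),
    "https://links.example.com/account": (200, None),
    "https://links.example.com/r?id=3":
        (302, "https://example.com.alerts.example.net/login"),
    "https://links.example.com/loop": (302, "https://links.example.com/loop"),
}


def follow_redirects(start_url, responses, max_hops=10):
    """Return every URL visited, ending with the page that is finally served."""
    chain = [start_url]
    while True:
        status, location = responses.get(chain[-1], (None, None))
        if status not in REDIRECT_CODES or not location:
            return chain
        if len(chain) > max_hops:
            raise ValueError("more than %d redirects" % max_hops)
        # Location may be relative or scheme-relative: resolve it against
        # the URL that issued the redirect.
        next_url = urljoin(chain[-1], location)
        if next_url in chain:
            raise ValueError("redirect loop at " + next_url)
        chain.append(next_url)


def host_in_domain(host, expected_domain):
    """True only for the expected domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    expected = expected_domain.lower().rstrip(".")
    # Matching on ".expected" rejects look-alikes such as
    # example.com.alerts.example.net, which merely contain the name.
    return host == expected or host.endswith("." + expected)


def check_link(start_url, expected_domain, responses=CONSTRUCTED_RESPONSES):
    """Judge a link by where it lands, not by where it starts."""
    try:
        chain = follow_redirects(start_url, responses)
    except ValueError as err:
        return {"verdict": "unresolved", "reason": str(err),
                "final_host": None, "chain": [start_url]}
    final = urlsplit(chain[-1])
    ok = final.scheme == "https" and host_in_domain(final.hostname,
                                                    expected_domain)
    return {"verdict": "ok" if ok else "off-domain",
            "final_host": final.hostname, "chain": chain}


if __name__ == "__main__":
    for link in ("https://links.example.com/r?id=1",
                 "https://links.example.com/r?id=2",
                 "https://links.example.com/r?id=3",
                 "https://links.example.com/loop"):
        result = check_link(link, "example.com")
        print(link, "->", result["verdict"], result["final_host"])
```

This covers HTTP-level redirects only; redirects performed by JavaScript or a meta refresh tag are visible only after the page is rendered.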

screenshot of tech support scam URL detected by ConcealBrowse

_____________

SHA-256: 5b9542b700f786e8c7913aae5cef1696bf888ccc555de8ff1be809f4ed4b5363

screenshot of gift card scam page URL detected by ConcealBrowse

Screenshot of a similar page hosted by the same server

This URL was detected by ConcealBrowse on January 30th, 2024. It was first detected by one security vendor on December 29th and is currently detected by 14. ConcealBrowse successfully intervened, assigning the page a 39% risk score.

While the current page no longer exists, it is hosted by a server that contains multiple phishing URLs. The proximity to the malicious IP address allowed ConcealBrowse to detect the page regardless of content. In the past, these sites were used to host gift card scams. Gift card scams trick the user into believing they’ve won a monetary prize, only to redirect them to a malicious website that will steal their personal information and credit card.

Conceal recommendation: Sites like these change their content frequently but often use the same high-risk IP addresses. Blocking all access to this IP with ConcealBrowse, along with your firewall or other perimeter security solution, makes it less likely for users to encounter them.

_____________

Valuable Outcomes

As these recent threat reports exemplify, ConcealBrowse offers comprehensive protection against many sophisticated cyber threats. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to confidently navigate the digital landscape, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.


A Comprehensive Guide on Browser-Based Phishing Attacks

The quality and quantity of browser-based phishing attacks have escalated dramatically over the past year, posing a significant threat to online security.

The Rise of Browser-Based Phishing Attacks and Expectations for 2024

The digital landscape of 2024 continues to be fraught with cybersecurity challenges, notably the surge in browser-based phishing attacks. A recent report [1] highlights a startling 198% increase in such attacks, emphasizing the evolution of phishing threats into more sophisticated and evasive forms.

2023: A Year of Alarming Growth

Last year witnessed an unprecedented spike in browser-based phishing attacks, with 30% exhibiting advanced, evasive techniques. This surge is not just about quantity; the nature of these attacks has become increasingly sophisticated, leveraging tactics like smishing, adversary-in-the-middle (AiTM) frameworks, and multi-factor authentication (MFA) bypass strategies.

What Makes Modern Phishing Attacks Different?

The traditional concept of phishing has undergone a dramatic transformation. Modern phishing attempts are dynamic, adept at evading standard security measures, and increasingly automated using GenAI tools. These attacks are no longer limited to emails but have expanded to cloud-sharing platforms and web applications.

The 2024 Outlook

Looking ahead to the rest of 2024, we can expect these trends to continue, if not intensify. The report’s findings suggest:

Increased Volume and Sophistication: Phishing attacks will likely grow in frequency and complexity.

Evasive Techniques: Attackers will continue to innovate, making detection and prevention more challenging.

Expanding Targets: Small and medium enterprises, previously less targeted, may see a rise in phishing attempts.

Preparing for the Threat

The escalation of browser-based phishing attacks necessitates a proactive approach to cybersecurity. Enterprises need to reassess their security strategies, focusing on advanced detection mechanisms and user education. Emphasizing browser security and adopting comprehensive solutions capable of identifying and mitigating sophisticated attacks will be crucial.

Conclusion

The state of browser security in 2024 is a testament to the ever-evolving nature of cyber threats. With phishing attacks becoming more sophisticated and evasive, staying ahead of these threats requires constant vigilance, updated security practices, and a thorough understanding of the evolving digital threat landscape.

1. https://resources.menlosecurity.com/all-content/state-of-browser-security-defending-browsers-against-zero-hour-phishing-attacks

This week's threat report highlights a surge in credential theft phishing, a discreet threat with a 54% incident rate. Examples include Yahoo! login deception, IP address cycling in phishing campaigns, and a Microsoft look-alike site exploiting muscle memory for password entry.

Browser-Based Threat Report: Jan 29

Week of January 29th, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of January 29th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following browser-based threat report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 76282d556daf6fbf2899edf57f6589bbacde0d7ce31d3c0c595b76f5d4d49661

This URL was detected by ConcealBrowse on January 22nd, 2024. Six security vendors began reporting on this site later the same day. As of this report, the site is detected by 15 vendors. ConcealBrowse isolated the page with a 28% risk due to suspicion of phishing.

This page pretends to be Yahoo's login page and is used to steal email credentials. Email credentials carry significant risk because they can be used to steal accounts connected to the email address. Without two-factor authentication, all an attacker needs is access to the email associated with the account to change the password and take it over. An attacker might also launch attacks against all contacts in the address book of the account, because users are more likely to click on links from someone they know.

Conceal recommendation: Educating users how to spot potential phishing sites is an important aspect of a layered security approach. However, it is important to cover users who may not identify a phishing site with a solution, like ConcealBrowse, that blocks username and password input on suspicious sites, so that credentials are not entered into pages the user fails to recognize as phishing.

_____________

SHA-256: 79d6e8d4005bd33c71797a26b18e76b4b136a51d4ba0743c5a2a6ef9ead435a0

This URL was detected by ConcealBrowse on January 25th, 2024. It was detected by 13 security vendors two days before and is still currently detected by 13 vendors. Despite this, the threat still evaded security controls and ConcealBrowse isolated the page with a 14% risk assessment.

This page is hosted on an IP address that is known for multiple phishing scams. In the past, it impersonated brands such as Costco, phishing visitors for personal data and payment information. Recently, the site hosted a survey scam. Survey scams will ask users to complete a survey in exchange for a prize. When accepted, the page will collect personal information such as an email address and other PII, which will then be the target for multiple scams and phishing attempts. Although the site is currently down, it is likely that it will be reactivated with a different phishing campaign.

Conceal recommendation: This IP address is known to be used in phishing and other attacks. This IP address should be added to any block lists in ConcealBrowse and any other perimeter security controls.

_____________

SHA-256: 34cae9fa33d05561d84cf80c1259cbee25c3f26ae653f7e14e29b0a24b539e45

This URL was detected by ConcealBrowse on January 24th, 2024. It was first detected by one security vendor on January 18th, and since then it has been flagged by nine others. ConcealBrowse isolated the page with a 27% risk assessment for malware and phishing.

This is another credential phishing page; this time impersonating a Microsoft login. This site uses the color scheme and the logos of the organization that was targeted, and it fills in the email address of the user. These methods are all intended to make the victim more likely to enter their password without checking into the site further. The domain name is made to be believable as well, as it pretends to be a document signing platform. However, more investigation into the URL reveals that it is fraudulent, and no such company exists.

Conceal recommendation: Adversaries have become more sophisticated in how they are able to bypass security controls to deliver credential theft attacks. Security solutions that detect phishing threats and prevent users from entering credentials into counterfeit logins are essential in protecting against these types of threats.

_____________

Forbes: Beyond The Inbox: The Imperative For Holistic Cybersecurity Approaches

Combat evolving cyber threats! Social engineering, especially via email, poses grave risks. Explore browser security’s critical role and a holistic approach for robust cybersecurity.

Browser Security Case Study: City of St. Peters

Intrigued by the comprehensive browser security and ability to intercept malicious activity at the browser level, the city of St. Peters invested in Conceal.

Browser Security Case Study: mSOC

In a comprehensive study, mSOC.io tested Browser Security software ConcealBrowse against human-verified malicious phishing sites designed to mimic legitimate logins.

Browser-Based Threat Report: Jan 22

Week of January 22nd, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs and other browser-based threats. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly browser-based threat report for the week of January 22nd, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following browser-based threat report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 4ea2f82641a8b923d53a61edc51e8768561d25556946946c1a467aba9183f29a

ConcealBrowse detected this URL on January 16th, 2024. It was first identified by 2 security vendors six months ago and is currently reported by 11 others. ConcealBrowse isolated the page with a 37% risk due to possible malware and phishing.

Initially, this web page appears to be a generic banking website requesting information for a new account. However, further investigation into the website reveals an address in Los Angeles that does not exist, and there is no phone number listed. The company name has a history of being used for banking scam operations, and this page is an example of personal information harvesting. These kinds of attacks can be used for identity theft and are particularly dangerous because they are often brushed off as legitimate due to the nature of the web page.

_____________

SHA-256: 0b9e8fdb4a6570b8168bedccf11b14e33d91648f896c5b24b66e92c7ee5fb4e5

ConcealBrowse detected this URL on January 18th, 2024. Later that day, other security vendors started reporting it as well. It has now been identified by 9 vendors, labeling it as malware and malicious. ConcealBrowse assigned this threat a 14% risk.

Software that has not been shared from recognized publishers, such as the one on this site, should be avoided whenever possible. They may contain hidden malware that deploys on the machine when installed. When analyzed, the program hosted on this website contained possible credential scraping tools. These tools scan browsers for any saved passwords to steal and compromise accounts. Although the website itself is not malicious, ConcealBrowse’s isolation allows users to recognize that the downloadable programs on this site could be dangerous.

_____________

SHA-256: 3a03d73e9bb846554236a08c4fe09af885930c0583060de6ec3a62b9a2eca6e2

This URL was detected by ConcealBrowse on January 19th, 2024. It was detected by several security vendors in February of 2023 and is currently being flagged by 12 of them. It is classified as a phishing attempt, being isolated by ConcealBrowse with a 14% risk assessment.

This webpage is a clone of the Netflix home page and includes a box for the user to enter their email address, as well as various images and hyperlinks. Even though a password is not harvested, collecting email addresses can lead to more specialized attacks, such as spear phishing. Creating a Netflix clone is a common practice exercise for new web developers, but they usually have multiple pages and elements such as thumbnails and embedded video trailers. This page lacks these features, and that, combined with other suspicious elements found by ConcealBrowse, indicates that this is likely a malicious page.

_____________

Conceal to Partner with Nordic Solutions to Expand into Southeast Asia

Conceal to partner with Nordic Solutions to integrate its sophisticated ConcealBrowse technology, enhancing Nordic Solutions’ proactive and responsive offerings for its Asia-Pacific client base

January 19 2024, 10:23 AM Eastern Daylight Time

AUGUSTA, GA –(BUSINESS WIRE)–Conceal, renowned for its innovative approach to browser security, proudly announces a strategic distribution partnership with Nordic Solutions Asia Pte Ltd, headquartered in Singapore with offices across the region in Indonesia, Malaysia, Philippines, Thailand, and Vietnam, a prominent value-added distributor of network cybersecurity products dedicated to shaping the future of technology solutions in the Asia-Pacific region. With this alliance, Nordic Solutions’ dedicated clientele will now be empowered with the enhanced browser protection of ConcealBrowse.

“The Asia-Pacific region represents some of the largest and most sophisticated cyber customers in the world, and we’re thrilled to bring ConcealBrowse’s unmatched capabilities to Nordic Solutions’ exclusive portfolio. Nordic Solutions’ expertise, experience, and respect in the region makes them an ideal partner for Conceal,” said Gordon Lawson, CEO of Conceal. “By incorporating ConcealBrowse into Nordic Solutions’ suite of offerings, we believe our partnership will revolutionize how organizations in Southeast Asia detect, react, and defend against the multi-faceted threats of today and tomorrow.”

“We are unwavering in our pursuit of excellence within our comprehensive IT services. The collaboration with Conceal represents a significant milestone in our ongoing commitment to providing cutting-edge cybersecurity solutions. This partnership brings together Nordic Solutions’ extensive expertise and regional influence with Conceal’s forward-thinking approach to browser security. By seamlessly integrating Conceal’s innovative technology into our exclusive portfolio, we are positioned to revolutionize the cybersecurity landscape in the Asia-Pacific region. Together, we aim to empower organizations to proactively address evolving cyber threats, reinforcing our shared dedication to fostering a secure digital future for businesses throughout the region,” stated John Seet, CEO of Nordic Solutions.

With this partnership, Nordic Solutions’ customer base can anticipate a more robust and integrated defense. The blend of Nordic Solutions’ unparalleled suite of comprehensive IT services, combined with the AI-powered dynamic browser approach from ConcealBrowse, ensures that Nordic Solutions’ clients can identify and neutralize emerging threats with greater efficiency and speed.

About Conceal

Conceal’s mission is to defend organizations against web-based threats. ConcealBrowse is a private, lightweight, easy-to-deploy AI-powered browser extension that detects, prevents, and shields users from ever-evolving phishing, credential theft, and other sophisticated social engineering attacks. By securing the most vulnerable part of any organization, the human using a web browser, ConcealBrowse dramatically reduces the risk of destructive and costly cyber-attacks. For more information, visit https://conceal.io/conceal-browse/

About Nordic Solutions

Nordic Solutions (Asia) Pte Ltd, established in 2014, is a prominent cybersecurity distributor dedicated to shaping the future of technology solutions in the Asia-Pacific region. With a strong foundation in distribution and Managed Services, we have continually evolved to offer a comprehensive suite of services. Our divisions include Cybersecurity, Drone Solutions and Services, and Digital Transformation. For more information, visit https://nordic-solutions.asia/

Source: https://www.businesswire.com/news/home/20240119519023/en/Conceal-Announces-Expansion-into-Southeast-Asia-with-Nordic-Solutions-Partnership

Browser-Based Threat Report: Jan 15

Week of January 15th, 2024

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of January 15th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 97296b4ff7ddfff97b2e7c34976ed0cdf7e8504ef9dd23618de7c4e092f581c0

ConcealBrowse first detected this URL on January 10th, 2024, the same day other security vendors started reporting. To date, only 5 vendors have identified this URL, labeling it as malware and malicious. Conceal prevented this new threat, further assigning a 27% risk and highlighting the importance of real-time analysis.

Non-affiliated webpages that push custom video game components such as cursors should be viewed cautiously. Sites like this are often not moderated and push custom-scripted game components. This specific site is loaded from an IP address that security vendors have flagged as malicious. This IP also delivers similar domains that have been flagged and use the same naming convention, such as videogame-cursors[.]online. In fact, a handful of these domains were also isolated by ConcealBrowse. This site and many of these domains are still active and should be avoided.
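The hosting-IP pivot described in this entry, and in the gift card and survey scam entries of the other weekly reports, can be applied to resolver or proxy logs as shown below. This is an added example, not Conceal's code: the log format, host names, domains, and addresses are constructed (documentation ranges and the reserved `.example` TLD), and the function names are illustrative.

```python
import ipaddress
from collections import defaultdict

# Constructed block list standing in for hosting IPs flagged by vendors.
BLOCKED_NETWORKS = ["203.0.113.45/32", "198.51.100.0/28"]

# Constructed log lines: timestamp, client, requested domain, resolved IP.
CONSTRUCTED_LOG = """\
2024-01-10T09:14:02Z host-17 cursors-pack.example 203.0.113.45
2024-01-10T09:15:40Z host-03 intranet.example 192.0.2.10
2024-01-11T13:02:11Z host-17 game-cursors.example 203.0.113.45
2024-01-12T08:47:55Z host-22 prize-survey.example 198.51.100.7
2024-01-12T08:48:01Z host-22 malformed-line
2024-01-13T16:30:09Z host-05 brand-rewards.example 198.51.100.7
2024-01-13T16:31:00Z host-05 cdn.example not-an-ip
"""


def parse_line(line):
    """Return (timestamp, client, domain, ip), or None if the line is unusable."""
    fields = line.split()
    if len(fields) != 4:
        return None
    timestamp, client, domain, raw_ip = fields
    try:
        ip = ipaddress.ip_address(raw_ip)
    except ValueError:
        return None
    return timestamp, client, domain.lower().rstrip("."), ip


def flag_by_hosting_ip(log_text, blocked_networks):
    """Group requested domains by flagged hosting IP, whatever the page content.

    Returns (hits, skipped): hits maps each flagged IP to the domains it served
    and the clients that reached it; skipped counts lines that failed to parse.
    """
    networks = [ipaddress.ip_network(net) for net in blocked_networks]
    found = defaultdict(lambda: {"domains": set(), "clients": set()})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1
            continue
        _, client, domain, ip = record
        if any(ip in net for net in networks):
            found[str(ip)]["domains"].add(domain)
            found[str(ip)]["clients"].add(client)
    hits = {
        ip: {"domains": sorted(v["domains"]), "clients": sorted(v["clients"])}
        for ip, v in found.items()
    }
    return hits, skipped


if __name__ == "__main__":
    hits, skipped = flag_by_hosting_ip(CONSTRUCTED_LOG, BLOCKED_NETWORKS)
    for ip, info in sorted(hits.items()):
        print(ip, "domains:", info["domains"], "clients:", info["clients"])
    print("unparsed lines:", skipped)
```

Grouping by IP surfaces sibling domains served from the same host, so a domain that has changed its content since it was first reported is still flagged.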

_____________

SHA-256: c3122370c2de5692438103f45f8ef14be899cc40e4c3946719f4a813cd7ca735

This URL was detected by ConcealBrowse on January 10th, 2024. It was first identified by 2 security vendors on the same day, with 3 reporting to date. ConcealBrowse intervened, assigning the page a 14% risk due to suspicion.

Upon first look, the webpage uses a Top-Level Domain (TLD) that is notoriously used globally for malware distribution and phishing campaigns. The domain name is also deceptive, as there is a legitimate Robin AI used by many. Due to this, vendors have annotated this site as phishing. Further, the page is seen downloading an HTML file that has also been annotated as suspicious by two reputable anti-virus vendors. In addition, the hosting IP address was flagged and is delivering other copycat websites to users. With that, users should always confirm login page addresses before divulging credentials and other personal information.

_____________

SHA-256: ccd95eea7f0337b08e5888f68c92098294ee889cb540a9de8a52e003f41ec680

The URL was detected by ConcealBrowse on January 16th, 2024. It was detected by various security vendors on January 16th, 2024, and is currently flagged by 2 vendors. The delivered page is classified as malware and malicious by those 2 vendors. ConcealBrowse intercepted this page and assigned it a 22% risk score.

The webpage was seen redirecting to a Yahoo webpage that loads various scripts from third party hosting sites in the process. The page was seen delivering suspicious downloads that have matched various crowdsourced YARA rules for encoded content. This is often used to bypass security mechanisms by encoding script so that it cannot be detected. Although it loads a legitimate Yahoo page, upon delivery there are callouts to third-party hosting sites to execute the various scripts to initiate downloads. Due to this, the page should be avoided.

_____________
