
Conceal Threat Alert: Phishing Incident Targeting Dropbox

On November 1st, cloud storage behemoth Dropbox reported that attackers had successfully targeted some of their engineers, capturing credentials for the company’s account on GitHub. This gave the attackers access to the company’s source code for internal prototypes, as well as some of the tools used by Dropbox’s security team.

While users of all levels of sophistication are successfully tricked into providing credentials to phishing sites every day, the Dropbox case is notable for a couple of reasons. First, this attack was highly targeted and relatively sophisticated. The attackers identified a specific piece of software tied to GitHub that the Dropbox development team used and sent an email masquerading as the company that makes that software. Next, although Dropbox had systems in place to identify and quarantine phishing emails, those systems only blocked some of the emails while delivering others straight to users’ inboxes.

Even with protections in place, malicious emails still made it to the engineers’ inboxes and Dropbox’s most technically savvy employees were duped into providing their credentials to the attackers. This incident shows that attackers will go to great lengths to develop targeted campaigns and that conventional tools and security awareness only go so far towards stopping them.

Fortunately, ConcealBrowse offers an extra layer of protection against phishing, distrusting risky web sites by default and providing protection even when email filtering fails. Once a user clicks a phishing link, ConcealBrowse goes into action, scanning the URL and any resources loaded by it to ensure they haven’t been flagged as dangerous. At the same time, ConcealBrowse uses advanced AI to analyze the pages for signs of a phishing attack, and blocks attackers at the browser level before the user has an opportunity to provide credentials.

As attackers grow more sophisticated in their targeting and tactics, companies must build zero trust into their operations. ConcealBrowse works in the browser to stop threats before they reach your network.


WWCD: Staying One Step Ahead of the Attack

Last month, Google announced the existence of CVE-2022-307, a zero-day vulnerability in Chrome and other Chromium-based browsers like Microsoft Edge that was already being actively exploited in the wild. What they didn’t say, however, is how long the vulnerability had been exploited, or how long they had known about it before they patched it. Furthermore, while Google released a patch for the vulnerability at the same time as the announcement, users still had to update their browsers before the vulnerability was remediated.

With browser zero days being discovered all the time – and frequently not until they’ve already been exploited – how can companies protect themselves during the period between the initial exploitation and when they are able to install the latest browser update? 

What Would Conceal Do (#WWCD)?

Fortunately, infrastructure associated with these attacks is often discovered in the wild even before the zero-day can be fixed and is included in the intelligence sources ConcealBrowse relies on to make security decisions on behalf of the user. In these situations, ConcealBrowse can keep users safe even if their browser is still unable to stop a given attack.

Because ConcealBrowse checks every URL a browser is asked to load, it always has the latest information on indicators of compromise. This means that if a particular piece of infrastructure has already been associated with malicious activity, ConcealBrowse stops it from opening directly in the user’s local browser, and instead opens it in remote browser isolation. Even if the attack is successfully executed, the exploit is run on a virtual machine in the cloud that will be destroyed after the user’s session. The code is never executed in the user’s browser, so it can’t compromise the user’s device or your network. 

ConcealBrowse stays one step ahead of attackers and can protect users’ systems while software vendors discover vulnerabilities and develop and deploy patches.



Conceal Expands Alliance with Jacobs as Global Provider for Protecting Critical Infrastructure from Ransomware

ConcealBrowse Prevents Browser-based Malware from Executing on Any Device

AUGUSTA, Ga., October 25, 2022 — Conceal, the leader in Zero Trust isolation technology, today announced that Jacobs (NYSE:J) has expanded its alliance with Conceal and will provide the ransomware solution to its critical infrastructure clients on a global basis.

Conceal incorporates intelligence-grade, Zero Trust technology in its offerings to protect companies of all sizes from malware. By using ConcealBrowse, Jacobs is able to leverage Zero Trust isolation technology and its increasingly important role in delivering solutions to address critical challenges for national security, civilian infrastructure, maritime, higher education and energy clients around the world. 

The Conceal Platform is available immediately from Jacobs on a worldwide basis.

“Critical infrastructure providers including energy, water, communications and others are a favorite target for ransomware groups due to the downstream disruptions an infection will cause,” said Gordon Lawson, CEO of Conceal. “Through this new relationship with Jacobs we are providing customers of all sizes, on a global basis, with comprehensive protection against ransomware that isolates users and the corporate network from threats.”

The Conceal Platform provides detection of cyber threats before they can infiltrate a network by processing all code to determine whether or not it is malicious and placing suspicious content in isolation so malware cannot execute. It is comprised of three integrated products:

  • ConcealBrowse, which secures users by protecting every endpoint from malicious threats
  • ConcealSearch, which shields the network from reconnaissance and attacks by fortifying online activity without attribution to your enterprise
  • ConcealCloud, which safeguards cloud resources through isolation by regularly churning the underlying network infrastructure

About Conceal

Conceal enables organizations to protect users from malware and ransomware at the edge. The Conceal Platform uses Zero Trust isolation technology to defend against sophisticated cyber threats. Conceal is used by Fortune 500 and government organizations globally to ensure their users and IT operations remain secure, anonymous and isolated from attacks. For more information, visit https://conceal.io/.

Media Contacts:

Carter B. Cromley
(703) 861-7245

#BeCyberSmart – Let’s Talk About Phishing

Let’s talk about phishing. Phishing is the top action variety in social engineering breaches, causing over 60% according to Verizon’s Data Breach Investigation report for 2022. Since 2016, phishing has seen an exponential increase in both the email click and do not click rates. Let’s be real: phishing is an issue, and it is not going anywhere. This week, the National Cybersecurity Alliance has talked a lot about recognizing and reporting phishing and discussed how it’s a problem that affects all businesses no matter the size. In fact, 30% of small businesses consider phishing attacks to be their top cybersecurity concern.

Recognize Phishing

According to CISA, phishing is defined as “Attacks that use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information. Cyber Criminals attempt to lure users to click on a link or open an attachment that infects their computers, creating vulnerability to attacks.”

Luckily, in this day and age, there is a lot that can be done to prevent users from falling victim to a phishing attempt.  First and foremost, users need to understand what they are looking for so that they can ‘see it so that they don’t click it’.  While signs can be subtle, the National Cybersecurity Alliance has provided eight tips on how to clearly spot a fake phishing email:

  1. Email contains an offer that is too good to be true
  2. Email contains language that is urgent, alarming or threatening
  3. Email contains poorly crafted writing with misspellings and bad grammar
  4. Email is very generic and not personalized to you as the user
  5. Email requests your personal information
  6. Email requires you to click on a link or attachment
  7. Email contains an odd business request
  8. Email address looks odd or unidentifiable

While these are not the only identifiable characteristics of a phishing email, these are among the most common.  The main takeaway here is that if you recognize an email as “phishy”, make sure you avoid it and report it.

Report Phishing

So, you think you have been phished?  Recognizing the fake email is the most important part of a phishing attempt.  Once a user has identified the phishing expedition, reporting the email to your IT manager or security officer can help ensure others do not fall victim to the same attempt.  Some companies may even have a built-in plugin as part of their email application to maximize the ease in reporting.  The most important thing here is NOT to click on any links.  After reporting, ensure the email is deleted and does not exist on any of your user devices.

Another important aspect of reporting is to ensure users report a phishing attempt even if they have fallen victim.  Sometimes a user does not realize they have been phished until they have clicked on a link or opened an attachment.  In these instances, users need to feel comfortable and empowered to reach out to their IT contact to report the phish so that the IT team can investigate and remediate ASAP.  This communication can minimize the damage and spread of the malware or other threats that may have been a part of the email.  This reality also highlights the importance of investing in a security tool that can minimize the impact of a malicious email.

Invest Against Social Engineering

The reality is, even with cybersecurity awareness training, users are still going to fall victim to clicking a phishing link.  As a result, it is important for organizations to explore their options to minimize the impact.  Here at Conceal, we are able to isolate a user’s session when they click on a malicious link, keeping the harmful content from ever accessing your organization’s network.  Through the investment of Conceal, you can protect your users from malware, spear phishing and browser-based cyber threats with clientless, zero-trust remote browser isolation.  To learn more, request a demo with one of our experts today!


WWCD: Defending Against Browser App Mode Abuse

Bill Toulas at Bleeping Computer recently highlighted a new phishing technique in the wild that is designed to abuse users’ increased likelihood of trusting applications that appear to be desktop applications over those that appear inside a web browser. As with many other types of attacks in the wild, these are designed to take advantage of the fact that experience – and most security training – primes users to expect phishing and other malicious sites to look and behave a certain way.

In the attack Toulas describes, threat actors utilize a little-used feature in Chromium-based browsers to launch web pages in “application mode”. In application mode, the website loads in a clean browser window that hides all the tell-tale signs that the user is on a web site. There are no tabs, no URL bar, no toolbars, nor anything else that normally distinguishes a web application from a desktop one. Since users aren’t primed to suspect phishing pages to load in this type of environment, their guard may be down.

So, What Would Conceal Do (#WWCD)?

We have some good news: Conceal would stop this attack. Since ConcealBrowse protects users by scanning URLs and blocking or isolating them as appropriate, the user’s trust – or lack thereof – is irrelevant.

Let’s take a look at how the attack works, and how ConcealBrowse stops it.

  1. An attacker sends a user a Windows shortcut that launches a web page in Chromium application mode when clicked.
  2. When the user clicks on the icon, the malicious page is loaded in a window that mimics a desktop application but is actually a Chromium window without any of the usual UI elements.
  3. Despite appearances, the page is still a normal web page and ConcealBrowse scans its URL as well as any other URLs it might call or load.
  4. Because Conceal’s decision engine has flagged the URL as malicious, the page is loaded in a virtual environment in the cloud instead of on the user’s computer.
  5. When the page tries to download a malicious file to the user’s computer, the file is scanned and stopped by ConcealBrowse.
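For teams that collect process-creation telemetry, the shortcut-driven launch in steps 1 and 2 can also be spotted on the endpoint. The sketch below is an added example, not Conceal's code or part of the original post: it assumes Chromium's `--app=<url>` switch is what the shortcut passes, and the event fields, browser list, allowlist and sample events are all constructed for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Assumption: Chromium-based browser binaries present in the fleet.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}
# Assumption: hosts the organization deliberately runs in app mode.
ALLOWED_APP_HOSTS = {"intranet.example.com"}

def app_mode_target(cmdline):
    """Return the URL given via --app=, or None if not an app-mode launch."""
    try:
        argv = shlex.split(cmdline, posix=False)  # keep Windows backslashes
    except ValueError:                            # unbalanced quotes in the log
        argv = cmdline.split()
    if not argv:
        return None
    exe = argv[0].strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower()
    if exe not in BROWSERS:
        return None
    for arg in argv[1:]:
        arg = arg.strip('"')
        # Installed web apps use --app-id=..., which must not match here.
        if arg.lower().startswith("--app="):
            return arg[len("--app="):].strip('"')
    return None

def triage(events):
    """Return findings for app-mode launches to hosts outside the allowlist."""
    findings = []
    for ev in events:
        url = app_mode_target(ev["cmdline"])
        if url is None:
            continue
        host = (urlsplit(url).hostname or "").lower()
        if host in ALLOWED_APP_HOSTS:
            continue
        findings.append({
            "user": ev["user"], "target": url, "host": host,
            # A shortcut clicked by the user is started by explorer.exe.
            "from_shell": ev["parent"].lower().endswith("explorer.exe"),
        })
    return findings

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"user": "alice", "parent": r"C:\Windows\explorer.exe", "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://login.phish.example/signin'},
    {"user": "bob", "parent": r"C:\Windows\explorer.exe", "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" https://news.example.org/'},
    {"user": "carol", "parent": r"C:\Windows\explorer.exe", "cmdline": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app=https://intranet.example.com/tool'},
    {"user": "dave", "parent": r"C:\Windows\explorer.exe", "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default --app-id=constructedappid'},
]
```

Only the first sample event is reported: the ordinary browser launch, the allowlisted intranet app and the installed web app started with `--app-id` are left alone.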

ConcealBrowse protects users and organizations from the types of trust abuse that are commonly responsible for successful malware and phishing attacks like this one, regardless of how creative the technique. Want to learn more? Contact us for a demo today!


Conceal and Spire Solutions Sign International Partnership Agreement for Zero Trust Security

DUBAI, United Arab Emirates–(BUSINESS WIRE)–(GITEX GLOBAL) – Conceal, the leader in Zero Trust isolation and ransomware prevention technology, and Spire Solutions, a leading value-added distributor, signed a strategic partnership agreement today at GITEX 2022 for Spire to serve as the distributor for Conceal’s platform and ConcealBrowse solution in the Middle East and Africa regions.

According to Gartner, increasing cyberattacks, threats to cyber-physical infrastructures, and the malicious nature of ransomware are expected to increase end-user spending on security and risk management in the Middle East and North Africa to total $2.6 billion in 2022, an increase of 11.2% from 2021.

“Globally, we are at a critical inflection point as Zero Trust becomes validated as the most effective approach for securing enterprise IT environments and online services delivery,” said Sanjeev Walia, Founder & President at Spire Solutions. “Conceal’s patented zero trust solutions are proven in their deployment with the Fortune 100 and some of the world’s largest government agencies. We are honored to partner with Conceal to make these solutions accessible in the Middle East & African regions too.”

ConcealBrowse was recently introduced and performs pre and post-processing of code on a computer to protect against browser-borne attacks including RATs, Trojans, Worms, Ransomware, Browser Hijacking, and more. It leverages an intelligence engine that works at machine speed with near-zero latency to dynamically and transparently pre-process and analyze code and move suspicious, unknown, and risky code to a cloud-based isolation environment. This unique, patented approach ensures that malicious code or files never enter enterprise devices and cannot infiltrate the network. ConcealBrowse works with existing browsers and supports all popular operating systems, integrates with Microsoft Active Directory, single sign-on authentication, and other identity management systems.

“The proven success of our platform is enabling Conceal to embark on an aggressive global growth strategy,” said Gordon Lawson, CEO of Conceal. “The Middle East and Africa are experiencing significantly increasing demand for zero trust solutions and are a natural next step for Conceal. The Spire team has proven their leadership in these regions and we look forward to a mutually beneficial partnership.”

While at GITEX, you can meet Conceal in the Spire Stand H2-B1 in Hall 2 of the Dubai World Trade Center.

About Spire Solutions
Spire Solutions is the Middle East & Africa’s leading value-added distributor (VAD), with exclusive distribution rights for some of the world’s best-known cybersecurity vendors (OEMs). With a key focus on solving problems without creating new ones, Spire has built a reputation of being the preferred security partner to CISOs of several government organizations and enterprises in the region. www.spiresolutions.com

About Conceal
Conceal enables organizations to protect users from malware and ransomware at the edge. The Conceal Platform uses Zero Trust isolation technology to defend against sophisticated cyber threats. Conceal is used by Fortune 500 and government organizations globally to ensure their users and IT operations remain secure, anonymous and isolated from attacks. For more information, visit https://conceal.io/.