Zero trust security

Browser-Based Threat Alert: Increased Phishing Attacks on Collaboration Platforms Highlight the Importance of Zero-Trust Browser Protection

Phishing attacks have long been a serious threat to businesses, but recent reports indicate that the problem is becoming even more pervasive. Email remains a primary target, but attackers are also expanding their focus to collaboration platforms such as Slack and Microsoft Teams. With the shift to hybrid work environments, these platforms have become popular avenues for exploitation by opportunistic cybercriminals. As a result, companies are grappling with a growing threat surface, and many feel vulnerable to attacks delivered through their collaboration tools.

The Growth of Attacks from Non-Email Platforms

Traditionally, email has been the primary attack vector for phishing and other messaging-based attacks. However, recent data from the “State of Email Security” (SOES) report published by Mimecast indicates that newer collaboration technologies are also being targeted. In the past 12 months, 97% of companies surveyed experienced at least one email phishing attack, and three-quarters expected to incur significant costs from email-based attacks. Most concerning, however, is the increase in cyberattacks via collaboration platforms. Nearly three-quarters of companies surveyed feel it is likely or extremely likely that their company will suffer an attack delivered through their collaboration tools.

This threat is only exacerbated by the fact that attacks on messaging and collaboration software are a growing source of compromise. The Anti-Phishing Working Group detected 1.3 million phishing attacks in the third quarter of 2022, up from 1.1 million attacks in the second quarter. Cybercriminals are getting more sophisticated, with 19% of phishing attacks successfully bypassing platform defenses.

While email remains a key attack vector, collaboration tools provide a new and expanding threat surface for bad actors. Companies in various industries, including consumer services, energy, healthcare, and media and entertainment, are particularly susceptible to these threats. It’s crucial to implement effective security measures, including distinguishing bots with human verification tests.

Zero-Trust Web Browser Protection with ConcealBrowse

Given the evolving threat landscape, it is essential for businesses to implement zero-trust web browser protection tools like ConcealBrowse. Designed to create a worry-free user experience, ConcealBrowse detects, defends, and isolates malicious and unknown internet activity across all applications, providing robust protection for users.

ConcealBrowse proactively gauges risky internet traffic and determines one of two routes: allowing known “good” URLs to continue on their normal path, blocking them, or opening them in an isolated cloud environment where malicious files and code are not run on the user’s device. Importantly, ConcealBrowse makes proactive decisions about the security risk associated with internet use and automatically isolates risky transactions without interrupting the user experience.

By implementing ConcealBrowse, organizations can effectively defend against phishing attacks targeting not only email but also collaboration platforms. It automatically detects risky internet activity, defends and isolates network and endpoint information, and reduces expenses related to detection, prevention, and response.

Conclusion

In the era of hybrid work and digital collaboration, the threat of phishing attacks is only growing. Cybercriminals are increasingly targeting collaboration platforms, leaving businesses at risk of significant financial and reputational damage. To defend against these evolving threats, businesses must adopt zero-trust web browser protection solutions like ConcealBrowse. With its ability to proactively detect and isolate malicious activity, ConcealBrowse provides a robust line of defense that keeps enterprise users safe and preserves the integrity of their digital assets. Click here to schedule a demo of ConcealBrowse today.

Written By: Conceal Research Team


The Growing Impact of Cybersecurity on Credit Ratings: What Companies Need to Know

As cybersecurity becomes an increasingly vital aspect of a company’s operations, credit rating agencies are beginning to incorporate cybersecurity factors into their evaluations of corporate creditworthiness. This shift highlights the growing importance of strong cybersecurity practices in maintaining a company’s financial stability and reputation. In this blog post, we will discuss how credit rating agencies are now considering cybersecurity in their assessments and what companies can do to improve their cyber risk management. 

Cybersecurity as a Credit Rating Factor

A recent report by The Washington Post revealed that credit rating agencies such as Moody’s, S&P Global Ratings, and Fitch Ratings are increasingly looking at a company’s cybersecurity posture when determining credit ratings. This move follows a growing trend of cyberattacks targeting corporations, which have led to significant financial losses and reputational damage for the affected businesses.

Companies that have suffered major cybersecurity incidents, such as data breaches or ransomware attacks, are now more likely to see their credit ratings downgraded. This can lead to higher borrowing costs and a reduced ability to access capital markets. On the other hand, companies with robust cybersecurity practices may receive more favorable credit ratings, potentially lowering their cost of capital and increasing their attractiveness to investors. 

How can companies protect their bottom line?

To effectively incorporate cybersecurity factors into credit ratings, agencies are increasingly relying on cyber risk assessments. These assessments aim to evaluate a company’s cyber risk exposure and its ability to prevent, detect, and respond to cyber threats. Credit rating agencies may also consider the potential financial impact of a cyber incident on a company’s balance sheet, cash flow, and overall creditworthiness. 

The Post report notes that small and medium-sized businesses are the least likely to invest enough in cybersecurity measures. Tools like ConcealBrowse can provide tremendous bang for the buck, providing critical missing coverage over an entire organization at a manageable cost.

Given the growing importance of cybersecurity in credit ratings, companies must prioritize cyber risk management in their overall business strategy. Here are a few steps businesses can take to enhance their cybersecurity posture: 

  1. Implement a comprehensive cybersecurity framework: Companies should adopt a recognized cybersecurity framework, such as the NIST Cybersecurity Framework or the ISO/IEC 27001 standard, to guide their cybersecurity policies and procedures.
  2. Embrace zero-trust principles wherever possible: Employees are often the weakest link in any cybersecurity program. While training and awareness programs can reduce the chances of falling victim to phishing or other types of trust-based attacks, companies should also invest in solutions like ConcealBrowse that take decisions on trust and risk assessment out of the hands of the end user.
  3. Regularly assess cyber risk exposure: Conducting regular cyber risk assessments can help organizations identify vulnerabilities and gaps in their cybersecurity defenses, allowing them to take appropriate remedial actions.
  4. Collaborate with industry peers and government agencies: Sharing information on cyber threats and best practices with other companies and government organizations can help businesses stay ahead of emerging cyber risks.
  5. Engage with credit rating agencies: Companies should proactively engage with credit rating agencies to understand their cybersecurity expectations and communicate their efforts to address cyber risks.

Conclusion:

The incorporation of cybersecurity factors into credit ratings highlights the growing recognition of cyber risk as a significant business concern. Companies that prioritize cyber risk management and demonstrate robust cybersecurity practices are more likely to receive favorable credit ratings, which can have tangible benefits in terms of lower borrowing costs and increased investor confidence. By taking proactive steps to improve their cybersecurity posture, businesses can better position themselves for long-term success in an increasingly interconnected and cyber-risky world.

To find out more about how ConcealBrowse can make your business more secure and less risky to creditors and investors, click here to schedule a demo today.


Browser-Based Threat Alert: SVB Opportunistic Phishing Attacks

As all security professionals know, phishing attacks are a constant threat.

Cybercriminals are relentless in their efforts to deceive individuals into revealing sensitive information, and the consequences can be devastating. March 2023 witnessed a prime example of how a crisis can create a ripe environment for phishing campaigns to thrive. The collapse of Silicon Valley Bank (SVB) and the subsequent phishing attacks targeting its customers offer a cautionary tale and highlight the importance of zero-trust protection measures.

SVB, a major U.S. bank known for providing financial services to some of the largest tech investors and startups, collapsed on March 10, 2023. Federal regulators under the control of the Federal Deposit Insurance Corporation (FDIC) took over the bank after depositors rushed to withdraw billions of dollars in deposits. The financial crisis garnered worldwide attention and created an atmosphere of chaos and stress that cybercriminals naturally sought to exploit. Amid the bank’s collapse, a series of phishing campaigns impersonating SVB began to emerge. A recent article in Cybersecurity Magazine analyzed SVB-related phishing attacks and noted that the ongoing banking crisis is likely to provide more opportunities for attackers as more banks become stressed and fail.

In the context of online financial services, phishing attacks can involve fake login pages or emails that impersonate legitimate financial institutions. Unsuspecting victims may provide sensitive information, such as login credentials or financial data, to these fake websites. This information can then be used for criminal activities like identity theft or financial fraud. In fact, the credentials themselves can have tremendous value on the open market, with verified admin accounts in some cases being sold for up to $120,000. In some cases, victims are redirected to the real site, giving them the impression that they are interacting with the legitimate institution while providing their credentials to attackers.

Attackers in the SVB phishing campaign created domains that closely resembled SVB’s name, often containing minor variations and financial terms to lure individuals into clicking on malicious links. More than 90 new domains were registered for use in attacks against targets, mainly in the U.S. The report identified one Turkish attacker that began utilizing a fraudulent domain within a few hours of its registration.
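A defender can screen a feed of newly registered domains for the pattern described above (brand name, minor variations, financial terms). The following is an added example, not code from the report or from Conceal; the allowlist, the financial-term list, the thresholds and the sample feed are assumptions constructed for illustration.

```python
import re

# Brand strings come from the case described above; everything else is assumed.
SHORT_BRAND = "svb"
LONG_BRAND = "siliconvalleybank"
LEGITIMATE = {"svb.com"}  # assumed allowlist of the bank's own domains
FINANCIAL_TERMS = ("bank", "claim", "deposit", "wire", "refund", "payout", "fdic")
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain):
    name = domain.lower().rstrip(".")
    if any(name == d or name.endswith("." + d) for d in LEGITIMATE):
        return {"domain": name, "verdict": "legitimate", "reasons": []}

    # Drop the last label (TLD), undo digit-for-letter swaps, split on separators.
    label = name.rsplit(".", 1)[0].translate(HOMOGLYPHS)
    tokens = [t for t in re.split(r"[^a-z]+", label) if t]
    squashed = "".join(tokens)
    reasons, rest = [], squashed

    if LONG_BRAND in squashed:
        reasons.append("contains the full brand name")
        rest = squashed.replace(LONG_BRAND, "")
    else:
        for tok in tokens:
            close_len = abs(len(tok) - len(LONG_BRAND)) <= 2
            if close_len and edit_distance(tok, LONG_BRAND) <= 2:
                reasons.append(f"'{tok}' is within 2 edits of the brand name")
                rest = "".join(t for t in tokens if t != tok)
                break

    # A 3-letter abbreviation is too short for fuzzy matching: require it as
    # its own token, or fused with a financial term, to limit false positives.
    if not reasons and SHORT_BRAND in tokens:
        reasons.append("brand abbreviation as its own token")
        rest = "".join(t for t in tokens if t != SHORT_BRAND)
    fused = not reasons and SHORT_BRAND in squashed
    if fused:
        rest = squashed.replace(SHORT_BRAND, "", 1)

    terms = [t for t in FINANCIAL_TERMS if t in rest]
    if fused and terms:
        reasons.append("brand abbreviation fused with a financial term")
    if not reasons:
        return {"domain": name, "verdict": "unrelated", "reasons": []}
    if terms:
        reasons.append("financial terms: " + ", ".join(terms))
    verdict = "high" if terms else "review"
    return {"domain": name, "verdict": verdict, "reasons": reasons}


# Constructed sample feed of newly registered domains (not real indicators).
SAMPLE_FEED = [
    "svb.com", "svb-claims.com", "siliconvaleybank-login.net",
    "s1liconvalleybank-wire.com", "mysvbdeposit.com",
    "svbakery.com", "examplebank.org",
]


def triage(domains):
    """Return only the domains that need analyst attention."""
    return [r for r in map(classify, domains) if r["verdict"] in ("high", "review")]


if __name__ == "__main__":
    for row in triage(SAMPLE_FEED):
        print(row["verdict"], row["domain"], "|", "; ".join(row["reasons"]))
```
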


The aftermath of the SVB collapse and the ensuing phishing attacks underscore the necessity of proactive cybersecurity measures. In times of crisis, hackers often prey on fear and confusion, making it essential for individuals to remain vigilant. However, even with extreme vigilance and thorough cybersecurity training, crises like the SVB collapse can impair users’ judgment about messages related to the event. That is why it’s critical to remove the burden of judging risk from the user and put it in the hands of objective security tools like ConcealBrowse.

The browser-based phishing protection provided by ConcealBrowse is an indispensable tool in mitigating the risks of phishing attacks and safeguarding valuable information when end users don’t know who they can trust. The SVB phishing campaign serves as a reminder of the ever-present threat of phishing and the need for robust security measures. By utilizing tools like ConcealBrowse and staying informed about the latest cybersecurity threats, individuals and organizations can better protect themselves from falling victim to cybercriminals’ deceptive tactics. 

Click here to schedule a demo of ConcealBrowse today and see how it can keep your users safe from opportunistic attacks like these.

Written By: Conceal Research Team


How to Increase Your Profitability as an MSP

Maintain MSP Profitability in an Era of Economic Uncertainty

We know that, as a managed service provider, increased profitability is key to growth and success in the industry. As an MSP-first company, here are some strategies that we have seen increase profitability as an MSP:

Recurring Revenue

Maximize opportunities to offer services that generate recurring revenue. Examples of such services include managed security services. This approach helps reduce the need to strategize on one-time product work with a customer and rather lets you focus on a stable revenue stream.

Effective Operations

Effective operations come down to the tools and processes being leveraged to provide your services to a customer. When effective, these operations can increase productivity while reducing costs and minimizing errors. Effective operations can be achieved through automation, the standardization of processes and procedures, and effective project management.

Competitive Pricing

If you are able to develop an optimized pricing model, you can maximize revenue while remaining competitive in the MSP market. A common mechanism for competitive pricing requires the MSP to leverage value-based pricing so that you can charge based on the value the service you are providing brings to the customer.

Service Expansion

Continuously invest in offering development so that you are offering the services that meet the needs of your customers. We see MSPs breaking into the security market, a relatively untapped market by MSPs to date. This allows an increase in revenue streams and provides the opportunity to both upsell and cross-sell to customers.

Strategic Partnerships

Investing in partners that complement the offerings, solutions and missions of your organization is key to expanding your service offering even further. As mentioned above, continuous offering development is key to ensuring you have the offerings your customers need. By investing in strategic partnerships, you can provide your customers with a more comprehensive solution.

Cost Management

To increase profitability, MSPs must manage and minimize costs. Determining unnecessary expenses and managing costs effectively are key to improving profitability. This optimization can be done by revisiting staffing levels, implementing cost-saving technology and ensuring the most beneficial vendor contracts.

Your Next Strategic Partner

Here at Conceal, we are invested in helping you implement a strategy that includes maximizing profitability. A strategic partnership with Conceal allows you, as an MSP, to expand your services while streamlining effective operations and investing in services that result in recurring revenue. Additionally, ConcealBrowse enhances your ability to manage cost by minimizing the need for user interaction. The lightweight implementation and operation of the browser plugin allows you to best protect your customers at the edge while also minimizing the resourcing needed to address alerts from the browser in the SOC.

ConcealBrowse offers a tremendous opportunity to provide innovative solutions that address the top two cyber threats affecting small and midsize companies: ransomware and credential theft. A simple, drop-in solution, ConcealBrowse can be easily added to existing security packages or be a stand-alone solution for companies that lack protection, allowing them to instantly add a security control that may have seemed out of reach with their existing security budget.

Position yourself for long-term growth and success by investing in a strategy that increases your overall profitability. Become a Conceal Partner today to start maximizing your profitability and expand your services to secure the edge.


Conceal Threat Alert: Phishing Attack Bypasses Traditional Controls, ConcealBrowse to the Rescue

Threat actors can be downright crafty, and motivated actors tend to take their attacks to the next level.  So where does this leave employees who are targets of more sophisticated attacks?  Many times, they are left to their intuition and, if they are lucky, any skills they have acquired through traditional awareness training. In other words, the security of the user, their device, and the organization are reliant on recalling information from their last awareness training session.  Despite increased spend on baseline cyber security tools such as email gateways, web gateways, EDR solutions and awareness training, we continue to see an increase in successful attacks such as credential theft (phishing attacks that politely ask users for their login credentials) and ransomware. By utilizing ConcealBrowse, we illustrate how a credential phishing attack that bypassed traditional security controls was successfully prevented.

Anatomy of the Attack

 

[Image: phishing email]

The email above was sent from a legitimate and most likely compromised email address.  By sending from a real email account, the attackers evade common baseline checks such as SPF, DMARC and IP spoofing checks.  Next up, they worked on the message content, including legitimate Microsoft message content, images and prompts; this part of their attack helped evade technical content controls as well as build trust with the recipient.  In addition to the realistic content, the attackers also added some conversational banter at the bottom of the email (well past where normal humans would scroll!), which appears geared to improve deliverability.  The rest of their tactics continue to circumvent both human and technical detection by presenting authentic-looking URLs to websites that have been recently compromised and then ultimately using the compromised first hop to redirect the user to the credential theft site, which was hosted on a recently acquired domain.  

This example highlights a few of the techniques attackers use daily to evade existing controls and dupe users into action.  A recent report from security firm Cofense identified that 67% of emails reported by users led to credential theft webpages.  Additionally, they found that 52% of credential theft emails abuse the Microsoft brand and that 70% of reported credential theft emails bypassed secure email gateways.  With these staggering statistics, it is clear that even with best-in-class controls, employees are at a stark disadvantage to the well-funded adversaries whose mission is to gain access to their credentials to advance their nefarious activities further.

Anatomy of the Prevention

When the user clicked the link in the convincing and delivered email, ConcealBrowse was poised and ready to jump into action. As a browser extension, ConcealBrowse analyzed the URL and determined that some attributes of the page had unknown risk profiles and others displayed risk indicators, but overall, the page was not yet known to be malicious.  This is a perfect example of the nature of current web-based threats that crop up and disappear in a moving window of inherent risk that is simply not apparent to users and existing technical controls.

Once ConcealBrowse determined that it didn’t have a clear security posture verdict for the URL at that point in time, it seamlessly moved the webpage into isolation, instantly protecting the user from potential risk and allowing the page to be loaded and interacted with.  At this stage, ConcealBrowse was able to apply secondary security posture checks which identified a user authentication (login) form, which, in turn, triggered Conceal’s Credential Guard to evaluate the page for signs of credential theft.  Using AI modeling, ConcealBrowse was able to inspect the technical and visual attributes of the webpage to determine that it was a phishing webpage. At this point, ConcealBrowse protected the user session by preventing the end-user from entering data into the form and visually alerted that the page was attempting to steal their login information.  

The Result

Typically, these attacks don’t end so well, and organizations spend time and money cleaning up after the incident.  In this case, the user was protected by ConcealBrowse; therefore, there was no incident. Instead, their security team inherited real-time telemetry about a credential theft website.  Using Conceal’s integration framework, the customer was able to stream the telemetry into their SIEM and automatically update other controls to take advantage of this new information.

Regardless of how trustworthy your users think a link might be, ConcealBrowse scans every URL using state-of-the-art techniques and applies our proprietary threat identification model and computer vision to identify and block phishing attempts and malware downloads.

You can experience the power of our Zero-Trust at the Edge security model today by requesting a free ConcealBrowse trial or by scheduling a demo with our team of experienced security professionals.

Written By: Conceal Research Team


Browser-Based Threat Alert: Iranian Government Actors Mimic Think Tank for Targeted Phishing Attacks

Secureworks Counter Threat Unit researchers published results from an investigation into suspected Iranian government-linked actors targeting researchers who document the suppression of Iranian women and minority groups. According to the report, the actors appear to be associated with APT35, a group suspected of operating at the behest of Iran’s Islamic Revolutionary Guard Corps (IRGC).

As with most Advanced Persistent Threat (APT) activity, the techniques utilized in these operations were meticulous and highly-targeted, relying on extensive knowledge of the targets and personalized, persistent social engineering attacks. The attackers established credible social media accounts purporting to belong to members of the Atlantic Council, an American international affairs think tank.

Specifically, Secureworks researchers investigated one of the Twitter accounts used in the operation, purportedly belonging to a “Sara Shokouhi”. Upon reaching out to the account, the actors provided legitimate information as bona fides, claiming to be a colleague of a named Atlantic Council Senior Fellow. However, the supposed colleague publicly denied working with “Shokouhi” and the photos used on the Twitter profile were taken from the Instagram account of a Russia-based tarot card reader.

This profile follows a history of using similar techniques, where APT35 actors routinely mimic actual Atlantic Council employees to gain the trust of their targets and abuse that trust for further attacks or intelligence collection.

The Sara Shokouhi persona was used to contact multiple targets, all consistent with typical targets of the IRGC. The interactions were informed, intentional, and well-choreographed. They were designed to gradually build the victim’s trust. In many cases, APT35 actors initiated a series of benign interactions over time using email, social media, and other online forums. The benign interactions included sending legitimate links to the targets so they became accustomed to clicking links provided by the actors. Eventually, however, the actor would send the target a malicious link that would lead to them downloading malware or providing credentials to phishing sites.

Extreme Lengths to Abuse Trust

Criminal actors normally rely on high-volume attacks with generic phishing messages, hoping that even though a small subset of their messages will get through and an even smaller number will fool victims, the sheer volume will ensure enough successful attacks to make the effort profitable. APT actors use an opposite strategy. Because only a small number of people have the valuable information they are looking for, and because they have vast resources by virtue of their government backing, they can afford to play the long game and sink a large amount of resources into attacks on specific individuals. 

This means that, unlike typical generic mass phishing attacks, the social engineering is personalized and can take advantage of specific characteristics of the target. These attacks don’t bear the hallmarks most security training teaches people to look for, like poor grammar or typosquatted domains.

Your Browser Shouldn’t Trust Anyone

No matter how well people are trained, and no matter how vigilant they might be to attempts to phish them, in the end security comes down to fallible human judgment and trust. That’s why it’s imperative that organizations adopt zero-trust security models that inherently distrust that which users trust. That’s why we developed ConcealBrowse. Regardless of how trustworthy your users think a URL might be, ConcealBrowse scans each one using state-of-the-art intelligence and our proprietary threat model, along with computer vision to identify and block phishing attempts and malware downloads.

You can experience the power of our Zero-Trust at the Edge security model today by requesting a free ConcealBrowse trial, or by scheduling a demo with our team of experienced security professionals.

Written by: Conceal Research Team


4 Secrets MSPs Should Know About Browser Security

Securing your customers’ browsers will save you, as a service provider, time and money.

As a managed service provider (MSP), your mission is to support your customers to help them best achieve their business goals by providing tailored technology solutions and services that meet their specific needs. Part of that includes implementing security measures to minimize the chance of a cyber incident. But, what if implementing security measures increases the organization’s security posture AND saves you time and money?

The primary objective of securing the browser is to minimize an organization’s chances of falling victim to ransomware, credential theft, and other threats at the edge. But, by investing in a thorough browser security tool, you can do so much more than just provide protection at the edge. Here are the 4 secrets to good browser security:

1. Protect Customer Data

As an MSP, you have the responsibility to protect your customers’ data. Web browsers are a common entry point for cyberattacks, especially credential theft and ransomware. By securing the web browser, you add additional protection to your customer’s data by minimizing the ability of threat actors to successfully gain entry into your network via the web. Protection at the edge minimizes vulnerability to your customer data.

2. Ensure Business Continuity

Service level agreements are a huge part of a customer and MSP relationship. As an MSP, you are required to provide uninterrupted services for your customers. If your customer’s browser is compromised, it can lead to system downtime, impacting your customer’s business operations. Proper browser security minimizes the chances of service disruption due to insufficient security at the edge.

3. Minimize False Positives

For many MSPs, SIEM and SOC alerts are a time-consuming and resource-intensive activity. By implementing proper security in the browser, you can minimize the number of alerts you receive by having potentially malicious activity go to an isolated environment outside of your customer network. By isolating potentially malicious activity, you minimize alerts from existing, cutting out the majority of web-based alerts so that your teams can focus on alerts in other environments – saving you time and money.

4. Reduce Operating Costs

By stopping potentially malicious activity at the browser, alerts are not triggered as discussed above. As a result, this minimizes endpoints from falling victim to ransomware, saving IT time from having to reimage machines – lowering your cost of supporting your customers in other aspects beyond cybersecurity.

As a trusted partner for your clients, it is important to deliver reliable, cost-effective solutions. Here at Conceal, we want to help you cost-effectively achieve your customer’s goals. Conceal helps MSPs and MSSPs generate new revenue and deliver innovative cybersecurity solutions that address the two biggest problems in cybersecurity – ransomware and credential theft. Bundle ConcealBrowse into your security services and boost your revenue today by requesting more information on our partner program!


Conceal Threat Alert: Phishing Attack Threatens Physical Security of Homes

Email protection firm Inky recently reported on a credential harvesting campaign targeting customers of Ring, the company famous for doorbells and other smart home security products. In addition to harvesting users’ Ring credentials, the attackers also utilized common phishing techniques to harvest credit card information of the victims.

While the report doesn’t provide information on the rate of success for the attack, Ring products can be used to capture video both inside and outside of homes, on car dashcams, and to provide other data about the inside of a home and its security measures. It’s also possible to control smart door locks via the Ring app, meaning that an attacker with Ring credentials could gain physical access to a home. Access to a Nest account could be a goldmine for all kinds of attacks, both technical and physical. 

The attackers relied primarily on common phishing techniques, like hiding their malicious URL under a visible link that tricked users into thinking they were clicking on a legitimate Ring URL while they were actually visiting a malicious one. The credential harvesting sites also utilized Ring logos and branding in an attempt to make the site appear more legitimate.

While these types of phishing attacks are common, they can often be stopped by email-based anti-phishing tools. To get around these protections, the attackers delivered their malicious link inside of an HTML file attached to the email. Clicking the attachment opened the local file in the web browser and presented the user with the link to the online phishing page. So, instead of clicking on the malicious link in the email client where existing anti-phishing products typically operate, the malicious link is opened in the browser, which typically has less protection.
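The two techniques described above (a visible link that names one site while pointing at another, delivered inside an HTML attachment rather than the message body) can be checked at the mail layer. This is an added example, not code from the Inky report or from Conceal; the sample message, addresses and `.example` hosts are constructed, and the `same_site` comparison is a simplification that assumes no public-suffix handling is needed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


# A host name that the visible link text claims to lead to, if any.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def same_site(a, b):
    # Simplified: equal hosts, or one is a subdomain of the other.
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def scan_message(raw):
    """Return anchors whose visible text names a different host than the href."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        attached = part.get_content_disposition() == "attachment"
        collector = AnchorCollector()
        collector.feed(part.get_content())
        for href, text in collector.anchors:
            shown = HOST_IN_TEXT.search(text)
            target = (urlsplit(href).hostname or "").lower()
            if shown and target and not same_site(shown.group(1).lower(), target):
                findings.append({
                    "location": "attachment" if attached else "body",
                    "filename": part.get_filename(),
                    "shown_host": shown.group(1).lower(),
                    "target_host": target,
                })
    return findings


def build_sample():
    """Constructed message: plain body, link carried in an HTML attachment."""
    msg = EmailMessage()
    msg["From"] = "notice@sender.example"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Action required on your account"
    msg.set_content("Please open the attached notice.")
    msg.add_attachment(
        "<html><body><p>Your payment method could not be verified.</p>"
        '<a href="https://ring-account-verify.example/login">'
        "<b>https://ring.com/account</b></a>"
        '<a href="https://ring.com/support">ring.com/support</a>'
        '<a href="https://cdn.sender.example/terms">Terms</a>'
        "</body></html>",
        subtype="html", filename="notice.html")
    return msg.as_bytes()


if __name__ == "__main__":
    for f in scan_message(build_sample()):
        print(f"{f['location']} {f['filename']}: text shows {f['shown_host']}, "
              f"link goes to {f['target_host']}")
```

Because the scan walks every MIME part, it covers the attachment that link checks limited to the message body would miss.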

How Can Phishing Attacks be Stopped in the Browser?

Fortunately, ConcealBrowse hardens the browser regardless of where a malicious link is clicked. In the case of this attack against Ring users, the initial HTML file might have escaped traditional email-based security tools. Fortunately, ConcealBrowse would scan the malicious URL, identify it as a phishing attack, and prevent users from providing their sensitive credentials and credit card data.

It’s easy to start using ConcealBrowse today to try out this advanced anti-phishing and ransomware protection yourself. Click here to request a free trial, or request a demo to find out more.

Written by: Conceal Research Team