WWCD: How can ConcealBrowse stop abuse of trust?

VirusTotal recently analyzed its trove of malware and associated metadata to identify ways attackers abuse users’ trust of big digital brands. Specifically, attackers focus on co-opting trusted domains and branding materials like official logos and icons to trick users into downloading and installing malware.

The current “state of the art” in avoiding these types of attacks relies on training end users to identify non-obvious signs that trusted brands are being used maliciously, and on scanning files on the endpoint after a user has already downloaded them. We all know from experience that, regardless of how much training users receive, they far too often let down their guard when they believe they are interacting with a trusted party. Fortunately, Conceal takes over the task of distrusting everything and isolating malicious activity regardless of the user’s perception of safety. So, What Would Conceal Do to subvert these types of attacks?

Check Everything

As the VirusTotal report points out, many of these types of attacks rely not only on humans’ propensity to trust certain brands, but also on defensive systems’ propensity to trust certain domains. Fortunately, ConcealBrowse checks every URI accessed by users or loaded in the background by web apps. Even if most resources accessed via squarespace.com are trustworthy, Conceal’s decision engine identifies the specific URIs that aren’t and isolates them from the user’s machine.

When a URI is flagged as suspicious, it is opened in a container in the cloud where it can’t cause harm to the user’s system. Additionally, any files downloaded from isolated sites are first scanned in the cloud so that they can be blocked before they are ever sent to a user’s device. In these cases, even if a user or a security system trusts a domain, ConcealBrowse doesn’t.

Trust No One

While the VirusTotal report specifically discusses the use of trusted branding in file icons, we’ve also all seen phishing sites that display a trusted logo to lull victims into thinking they can safely enter their credentials. Again, where a user might be tricked into trusting the attacker, Conceal distrusts the attacker for them.

Using computer vision technology, ConcealBrowse can identify when trusted logos and branding are being misused by attackers and can block phishing sites before the user ever has the chance to compromise their information.

What Would Conceal Do (#WWCD)?

Long ago, attackers figured out how to take advantage of people’s trust biases to bypass defenses designed to protect us from the untrustworthy. Fortunately, as more and more zero trust technologies – like ConcealBrowse – provide the necessary distrust, these types of attacks will become less and less successful.

We are excited to empower every individual to protect their personal data from cybercrime throughout this cybersecurity education campaign.  Stay in the loop on all the great content we will be releasing by bookmarking our NCAM landing page.

Conceal Partners with Barrier Networks to Increase Cyber Resiliency of UK Businesses and Critical Infrastructure Sector

ConcealBrowse to Help Barrier Customers Avoid Ransomware on Devices and the Network through Patented Browser Isolation and Zero Trust Technologies

AUGUSTA, Ga.–(BUSINESS WIRE)–Conceal, the leader in Zero Trust isolation and ransomware prevention technology, today announced a strategic partnership with Barrier Networks, a UK-based security solutions reseller and managed service provider with clients spanning the financial, legal, HMG/MoD and public critical infrastructure sectors.

“Barrier Networks provides assurance to customers that their systems are resilient to cyber attacks,” said Ian McGowan, Managing Director of Barrier Networks. “Conceal will help our customers avoid ransomware attacks at the earliest point of entry, the browser. ConcealBrowse is a highly effective, new way of transparently isolating malware away from devices, keeping attackers away from devices and networks, while preserving the user experience.”

“For years, Conceal has supported U.S. government agencies and Fortune 100 clients with our patented zero trust technologies,” said Gordon Lawson, CEO of Conceal. “We are excited to work with Barrier Networks, a seasoned managed cyber security service provider serving high profile businesses and the public sector across the UK.”

ConcealBrowse leverages an intelligence engine that works at machine speed with near zero latency to dynamically and transparently pre-process and analyze code and move suspicious, unknown and risky code to a cloud-based isolation environment. This unique, patented approach ensures that malicious code or files never enter enterprise devices and cannot infiltrate the network. ConcealBrowse works with existing browsers and supports all popular operating systems, integrates with Microsoft Active Directory, single sign-on authentication and other identity management systems.

Availability
The Conceal Platform is available immediately from Barrier Networks.

About Conceal
Conceal enables organizations to protect users from malware and ransomware at the edge. The Conceal Platform uses Zero Trust isolation technology to defend against sophisticated cyber threats. Conceal is used by Fortune 500 and government organizations globally to ensure their users and IT operations remain secure, anonymous and isolated from attacks. For more information, visit https://conceal.io/.

Source: https://www.businesswire.com/news/home/20221004005330/en/Conceal-Partners-with-Barrier-Networks-to-Increase-Cyber-Resiliency-of-UK-Businesses-and-Critical-Infrastructure-Sector

Welcome to National Cybersecurity Awareness Month!

We are thrilled to announce that we are an official champion of National Cybersecurity Awareness Month (NCSAM)! What is NCSAM, you ask? It’s only the best month of the year for the cybersecurity community! NCSAM started 19 years ago as a partnership between the National Cybersecurity Alliance (NCA) and the U.S. Department of Homeland Security (DHS). The campaign gives our industry the opportunity to collaborate between government and the private sector so that the importance of online security can be addressed. Each year, a new theme is strategized and shared with the public. This year the theme is…

See Yourself In Cyber

Most cybersecurity news articles are about massive data breaches and hackers, which can be overwhelming and leave you feeling powerless. Cybersecurity Awareness Month is a great reminder that there are all kinds of ways to keep your data protected, and that practicing even the most basic cybersecurity measures can make a huge difference. Each week we will release a series of content on how you can adopt one of the four healthy habits that the NCA and DHS have outlined to encourage individuals to take control of their online lives:

  1. Enable Multi-Factor Authentication
  2. Use Strong Passwords and a Password Manager
  3. Update Your Software
  4. Recognize and Report Phishing

Each behavior will be the star of the show for a week in October.  This week we are starting with Multi-Factor Authentication (MFA).  Foreshadowing the details to come regarding MFA, NCA found that nearly half (48%) of US/UK respondents say they have “never heard of MFA.”  As an important aspect of any identity and access management (IAM) strategy, this reality highlights the need to have a conversation surrounding IAM.  The following three weeks recognize security behaviors with similar statistics.

We love the concept of NCAM. The tools and tactics discussed throughout the month are helpful not just for educating yourself but also for employees, customers, families and friends. Every weekday this month, Conceal will be providing content relevant to and in line with what NCA and DHS are featuring.

Browser Security Case Study: Security Red Teams

Overview

Cybersecurity Red Teams play the role of attacker/adversary in cybersecurity wargames. They play the bad guys to help sharpen the skills and toolset of the good guys (the Blue Team). Some companies will maintain an in-house Red Team, and some will contract that role out to consultants. In order to simulate attacks on the friendly target company, the red team has to maintain much of the same attack infrastructure as threat actors. This includes:

  • A Command and Control (C2) environment that serves as the home base for the attackers’ key systems.
  • A group of distributed attack systems scattered in different networks, acting at the point of attack against the adversary while communicating back to the Command and Control networks.
  • A set of reconnaissance programs and penetration tools to perform their function.
  • Tradecraft that helps them gather information to discover weaknesses in the target’s defenses while allowing them to remain undetected.

Unlike true attackers, Red Teams have the additional challenge of remaining a fresh challenge while attacking the same company over and over again. The defensive blue teams can learn the patterns of the Red Teams and develop an unfair advantage if the attack approaches remain the same.

Challenges to Current Practices

Today, most Red Team practitioners build their toolset in company owned and registered cloud environments and use VPN connections to spoof their real network location while performing their network scans. Due to time and resource constraints, they often must reuse the same attack vectors. Internet service providers will often detect the activity on these nodes as an active threat and blacklist their traffic. This often forces Red Teams to use internal trusted networks or dedicated infrastructure to simulate attacks, presenting recognizable patterns to their Blue Team adversaries.

How Conceal.io Helps Red Teams

Conceal offers several benefits to the activities of a red team.

  1. Location Aware Scanning – Some networks and sites act differently depending on where they think a connection is originating. You may need to test a site from different egress regions to see how it really works. Red teams can use the Conceal Privacy Fabric to quickly change the egress location of the system with scanning and discovery tools to test for differences in response to the target network.
  2. Rotate Network Infrastructure – Most public VPN sites or personal sandbox environments used for red team hacking will eventually get tagged and marked as risky by ISPs and threat intelligence services. The ability to change egress nodes combined with the regular rotation of network nodes on the Conceal Privacy Fabric allows the red team to change the vector of attack with no additional investment in infrastructure.
  3. Securing C2 Environment – Keeping C2 environments safe and free from discovery and counter-penetration by blue teams is important so that they don’t constantly have to be rebuilt. Keeping your C2 environments behind the Conceal network helps protect this critical infrastructure. In the case of a true discovery of the C2 environment’s obfuscated network location, the Red Team can drop that Conceal network egress tunnel and create a new one.

WWCD: Could Conceal Have Stopped Lapsus$?

Could Conceal have stopped Lapsus$?

Several multinational companies have been in the news in recent months thanks to being victims of the prolific data extortion group known as Lapsus$. The most recent victims are Uber and Grand Theft Auto videogame producer Rockstar Games. However, Lapsus$ has been in the news for a majority of 2022 with successful attacks on Okta, Microsoft, Samsung, and others.

One of the group’s earliest high-profile attacks was against authentication management firm Okta, which is used by many companies to control access to all the software used by employees. Its role in the security chain meant that Okta’s security reputation is paramount to keeping the trust of its customers. Although Okta claimed it was able to contain the breach quickly, the high-profile attack meant that the company’s reputation suffered permanent damage.

Modus Operandi

So how does Lapsus$ operate? The group relies heavily on a combination of stolen credentials and social engineering to gain access to privileged accounts within a company. They then use that access to obtain sensitive data and demand a ransom to prevent the data’s release. The ransom demand is usually accompanied by a release of a sample of the data on publicly accessible channels, like Telegram, to put added pressure on the company to pay up.

The initial targets of the attacks are typically peripheral employees or contractors who may be less knowledgeable about social engineering or might be less inclined to stringently follow security protocols. If the group can access sufficiently valuable data from this initial access, that could be the end of the attack. Otherwise, they use this initial access as a foothold to gather targeting information for further social engineering attacks against better-placed individuals in the target company.

Could these attacks have been prevented?

Lapsus$ expertly leverages the fact that people are not perfect. Regardless of training, they can be tricked into clicking malicious links, opening malicious files, or providing multi-factor authentication tokens to third parties. The interactions between attacker and victim can happen on several channels, some of which are controlled by an organization and others that are not. There are several techniques that can be employed to prevent access escalation and limit what can be accessed once an attacker is in your network. But, ten times out of ten, it’s better to keep them from ever getting access in the first place.

How could Conceal have helped?

No single product is a cyber security panacea, but ConcealBrowse could have blocked some of Lapsus$’s credential-stealing techniques before they started. One of Lapsus$’s techniques is to steal credentials to gain their initial access, including getting users to click on malicious links that download the credential theft software to the user’s computer. The group also buys credentials from the dark web, and many times the groups selling those credentials have used the same technique.

The most common methods to prevent these attacks include training users to identify the links and not click on them. As we’ve seen, this method relies on teaching 100% of users to make the correct decision 100% of the time. ConcealBrowse eliminates this need. ConcealBrowse is the eyes, ears, and brain that protects users regardless of where they click and isolates questionable websites in a remote browser in the cloud, where any software downloads or zero-day exploits can’t affect a user’s device.

Regardless of what decision they make, ConcealBrowse keeps them safe. #WWCD

Are You Ready for Mandatory Cybersecurity Disclosure?

Here are the top 4 ways to prepare for the SEC’s recent cybersecurity proposal

Earlier this year, the SEC released recommendations for organizations suggesting disclosures surrounding cybersecurity. In the 129-page proposal, the SEC proposed rules for cybersecurity risk management, strategy, governance, and incident disclosure by public companies.  If accepted, these rules would be put in place as amendments to existing reporting and disclosure requirements. The goal of the proposed amendments is to better inform investors on an organization’s risk management strategy and governance surrounding cybersecurity incidents.

Amendment Details

Mandatory cybersecurity disclosures can seem daunting for organizations. Here is the breakdown of what you need to know about the three key aspects of the proposed amendment:

Governance

The overall governance surrounding an organization’s security program is a major component of the proposed amendments. While we will get to the governance surrounding risk management and cyber incidents in a minute, from a broader perspective, these proposed rules would require transparency to determine if organizations are investing in and prioritizing cybersecurity as a key business function and value. By requiring disclosure of cybersecurity expertise on an organization’s board of directors, investors can draw many conclusions about the priority level the organization is giving to cybersecurity. Understanding the board-level experience provides awareness of the board’s ability to provide guidance and insight to the CIO, CISO and other cybersecurity stakeholders.

Risk Management

Identifying and managing cybersecurity risk is currently not a required disclosure for organizations. Without an understanding of an organization’s approach to risk management, such as the policies and procedures for identification and management, investors are unable to use cyber risk management as a data point when deciding whether to invest in a company. For organizations that have a strong policy and procedure for cybersecurity risk management, this reporting requirement would add substantial value to a potential investor. For those that don’t, if the proposed amendment is approved, there will be significant benefit to investing in the improvement of the cyber risk management program.

Cybersecurity Incidents

With the proposed amendment, organizations would be required to report material cybersecurity incidents as well as provide updates on previously reported cybersecurity incidents. While the reporting of a cybersecurity incident brings risk to reputation, stock, public opinion and more, the way an organization handles the disclosure and overall response can also improve reputational opinions and business outlook. Nowadays, cyber incidents are likely to hit the media with or without the organization’s intent to publicly disclose the event. As a result, this portion of the proposed amendments does not have to be a daunting task, just something organizations can invest in as a proactive security task so that they are confident in their disclosure strategy when they do fall victim.

How to Prepare

  • Assess Organization’s Current Priority of Cybersecurity
    At the end of the day, the purpose of the recommended disclosures is to give investors an understanding of where cybersecurity falls on the priority list of an organization.  Looking at an organization’s board to see where cybersecurity experience sits or where there is an opportunity to invest is an effortless way to prepare for the proposed amendments. Additionally, the investment will provide value beyond meeting a requirement, giving the organization the upper hand to improve overall cyber resiliency.
  • Assess Current Risk Management Approach
    What policies and procedures are currently in place to guide the cyber risk management workstream?  Being able to quantifiably show the risk management approach’s success and continuous improvement will be a key advantage to getting investors on board but also to minimizing cybersecurity risk across the enterprise. Showing investments that are made to minimize risk, such as investing in proactive products, will allude to the dedication and priority of cybersecurity in an organization.
  • Assess Current Incident Response Program
    Primarily, organizations must have the mindset that it is not a matter of if but when their organization will fall victim to a cyber-attack. Once this mindset is understood, organizations can invest in a proactive incident response program to best prepare themselves to respond to a crisis. Drafting their overall response plan, playbooks for certain incidents, and disclosure statements will minimize the inevitable stress and workload that comes with crisis management. Being ahead of the necessary disclosures required by the proposal will ensure your organization is able to handle its public disclosure and overall response strategy tastefully and in the best interest of the organization.
  • Ensure a Level of Assurance
    The ability to quantify the overall success of an organization’s cybersecurity strategy, specifically as it relates to risk management, incident response, and overall governance, will be key for the SEC’s proposal. Investing in solutions that can provide a level of assurance to risk management will speak even louder to investors than showing a document with a written policy or procedure.

Here at Conceal, we can provide a level of assurance to both incident response and risk management. By undertaking activities to prevent, detect and minimize the effects of a cybersecurity incident through the web, we lower an organization’s overall cybersecurity risk while also maximizing the value and success of an organization’s incident response when they do fall victim. Our product’s ability to minimize the effect of an incident will make the overall disclosure and public backlash minimal. Find out how ConcealBrowse, ConcealSearch, and ConcealCloud can each provide unique value to achieving the SEC proposed amendments by scheduling a demo today.

“CONCEALing” Browser Context Through our Patented SDN

Threat actors can’t attack you if they can’t find you. With an additional layer of protection, you can make it much more difficult for attackers to trace web activity back to your organization or to find cloud applications and infrastructure that are critical to your business.

Key Characteristics

Conceal’s patented SDN removes digital context and physical attributes from data flowing over the internet and internet-accessible infrastructure. The extra layer of protection minimizes the likelihood of risky traffic compromising your network. In Verizon’s 2022 Data Breach Investigations Report, web applications were the number one vector of entry for bad actors and are connected to the highest number of DoS attacks. The Verizon report found that Basic Web Application Attacks (BWAA) largely focus on attacks that directly target an organization’s most exposed infrastructure, such as Web servers. Conceal’s patented SDN helps to minimize the opportunity for attackers to find exposed infrastructure by increasing privacy using intermediaries to acquire the commercial infrastructure used to implement the network. The dynamic design of our patented SDN removes context and provides extra layers of privacy and security to users and enterprises.

Conceal’s patented SDN helps organizations identify and isolate risky web traffic before it compromises your network through the monitoring capability as part of the additional layer of protection. Additionally, Conceal is able to move identified risky web traffic without affecting a user’s current session. The fidelity of the protection’s ability to monitor and isolate without affecting a user’s ongoing communications helps provide security assurance for web activity. The extra layer of protection moves the web traffic into a remote browser in an isolated environment without a user having to decide if they believe the web traffic is risky.

Our patented SDN encompasses all of Conceal’s offerings; from ConcealBrowse and ConcealSearch to ConcealCloud, our patented SDN was deliberately and carefully intertwined throughout our product suite to bring an unparalleled solution to the market to address web security.

Use Case

Law Enforcement agencies are faced with the insecurities surrounding intelligence collection. Whether the intelligence collection surrounds dark web monitoring, open-source intelligence, social media research, financial crimes, or internet crimes against children, these investigations come with a level of risk while leveraging the internet. Conceal fully supports operational mission capabilities aligned to law enforcement. Currently, Conceal is deployed in state and local law enforcement agencies and other investigative organizations. To help combat risks associated with mission-critical investigations, the following is accomplished through our product suite:

  • Open-Source Intelligence – Through the investment of our zero-trust browser isolation, ConcealSearch, users can conduct non-attributable, protected open-source research.
  • Social Media Research – By removing attribution of users through our ConcealSearch product, investigators can anonymously monitor social media sites and updates in real-time.
  • Financial Crimes and Intelligence – By leveraging ConcealSearch, users can conduct “follow-the-money” operations and capture and archive financial information without worrying about malicious sites or internet activity entering the network.
  • Internet Crimes Against Children – With ConcealSearch, law enforcement agents can investigate, track and conduct operations to combat crimes against children without jeopardizing their network or identity.
  • Dark Web Monitoring – Engage in dark web monitoring and activities without exposing your network and identity by investing in ConcealSearch.

The role of Conceal’s patented SDN in cybersecurity will continue to expand as the value of hiding user identities and technical information while simultaneously searching the web grows in importance.