press release hero

Conceal Partners with SBL Cyber Monitoring to Bring Innovative Security Solutions to the Netherlands

SBL Cyber Monitoring adds Conceal’s secure browser extension to help organizations of all sizes monitor and detect malicious activity at the edge to stop credential theft and ransomware

AUGUSTA, Ga.–(BUSINESS WIRE)–Conceal, the leader in Zero Trust browser isolation, today announced their partnership with SBL Cyber Monitoring, a Dutch based cyber monitoring organization with the mission to prevent damage from cyber-attacks.

“SBL Cyber Monitoring watches over your IT environment, detects and intervenes in case of incidents, preventing damage to your business by a cyber attack,” said Stef Liethoff, Co Founder of SBL Cyber Monitoring. “ConcealBrowse will help monitor, detect, and respond to potentially malicious activity at the edge, helping not only answer one of SBL Cyber Monitoring’s fundamental questions – ‘Am I able to detect cyber incidents in time?’ but prevent incidents from even happening.”

“Our partnership with SBL Cyber Monitoring is exciting as it allows us to bring innovative security solutions to the Netherlands,” said Gordon Lawson, CEO and Founder of Conceal. “We are excited to work with SBL Cyber Monitoring as ConcealBrowse will help their customers increase their overall cyber resilience.”

ConcealBrowse’s lightweight browser extension converts any existing browser into a Zero Trust, secure browser. By monitoring and detecting new and malicious URLs to determine if they are safe to access via the organization’s network, ConcealBrowse can stop credential theft and ransomware that bypass other cybersecurity controls. If the validity of the URL cannot immediately be determined, ConcealBrowse proceeds to isolate the session through its dynamic routing network to hide and protect the user’s identity and organization’s network.

For the security partner community, ConcealBrowse offers a tremendous opportunity to provide innovative solutions to their customers. By adding a comprehensive malware protection to any browser, ConcealBrowse is a simple, drop-in solution that can easily be added to existing security packages.

About Conceal

Conceal enables organizations to protect users from malware and ransomware at the edge. The Conceal Platform uses Zero Trust isolation technology to defend against sophisticated cyber threats. Conceal is used by organizations of all sizes globally to ensure their users and IT operations remain secure, anonymous and isolated from attacks. For more information, visit https://conceal.io/.

application security

Making the Most Out of 2023 Cyber Budgets

Minimize risk at the application layer with an affordable secure browser solution 

Recently, a study released by Neustar International Security Council found that only half of responding companies currently have the necessary budget to address their cybersecurity needs.  With the increased sophistication of the threat landscape combined with the global focus on protecting against cyber threats, especially ransomware, the lack of sufficient budget is a growing concern for the cybersecurity community.  

Furthermore, the study found that only 11% of responding organizations had enough budget to cover their most critical assets.  Securing critical assets is a fundamental responsibility of a cybersecurity program.  Without enough of a budget to cover for this need, organizations are going to need to get creative in their 2023 approach to establishing a sufficient cybersecurity posture to protect crown jewels.  

Getting the Most Bang for Your Buck 

A cost conscious cybersecurity strategy requires organizations to think out of the box when developing their 2023 roadmap.  The onion, or multi-layer, approach to cybersecurity allows organizations to look at ways to proactively defend their network at different layers.  The Open Systems Interconnection model, better known as the OSI model, is a popular framework used to maximize the multi-layer approach, breaking down the network by layers of communication and data exchange.  Investing at each layer may not be feasible in 2023 but ensuring that you get the most out of the investments an organization does make will be crucial to maximizing security.  

The seven layers of the OSI model include the physical, data link, network, transport, session, presentation and application layers.  Protection at each layer provides an additional, unique level of protection that a bad actor must go through to get to and cause havoc within an environment.  Protection at each layer can provide unique qualities of security that add safeguards if threat actors are able to bypass the preceding layer(s).  Of the most concerning risks that organizations have on the horizon of 2023 are the continued concerns of ransomware and credential theft.  Minimizing the initial threat vectors associated with these risks will be crucial to organizations minimizing their security risk with their constrained budgets.  Luckily, there are solutions that can address these top risks while providing security to multiple layers of the OSI model.  

Your Affordable Secure Browser Solution

Securing your network at the edge has the ability to minimize significant cybersecurity risk due to its breadth and depth when properly deployed.  ConcealBrowse is your cost effective and frictionless secure browser solution. A lightweight browser extension, ConcealBrowse converts any browser into a ZeroTrust, secure browser stopping ransomware and credential theft that bypass other security controls. Deployed in minutes and seamless to the user, Conceal protects your employees where it matters most, at the edge.  This approach minimizes continued concerns of ransomware and credential theft while providing protection at multiple layers.  By securing your web browser, ConcealBrowse provides security at the application layer and by isolating potentially malicious sessions through our dynamic routing network, the presentation, sessions, transport and network layers also receive a degree of security.  

To find out how our affordable secure browser solution can help you maximize your investment in security at the edge, schedule a demo today.

data breach padlock

Conceal Threat Alert: Data Breach at MailChimp

Security reporter Graham Cluley recently reported on a data breach at the email newsletter service Mailchimp, which resulted in the exposure of customer data. However, this breach affects more than just Mailchimp customers. Even if you are not a Mailchimp customer, you may still be impacted by the breach.

Sportsbook and betting website FanDuel (like many, many other companies) outsourced its newsletter management to Mailchimp, which meant Mailchimp took responsibility for securing FanDuel’s customers’ email addresses and other personal data. Unfortunately, the company failed in its responsibility, leading to a security breach that impacted several of its clients, including FanDuel.

FanDuel has since sent warnings to its customers, informing them that their names and email addresses were exposed in the breach. However, no other personal information such as passwords, financial information, or the like were acquired.

The exposure of customers’ names and email addresses in the Mailchimp data breach is not just a minor inconvenience, however. The information that was acquired by the unauthorized actors could be used in targeted and personalized phishing attacks aimed at FanDuel users. Cybercriminals could create convincing-looking phishing emails that may trick unsuspecting users into revealing more information, such as their passwords.

How can we get better at phishing protection?

Phishing attacks are becoming increasingly sophisticated and can be difficult to detect. The use of the customer’s name and email address in the phishing email makes the attack even more convincing and increases the likelihood of the user falling for the scam. The cybercriminals could use the stolen information to send emails that appear to be from FanDuel, asking the recipient to provide additional personal or financial information. Fortunately, ConcealBrowse has advanced anti-phishing protection that identifies phishing sites using computer vision and machine learning, and stops users from providing their personal information.

Because phishing attacks are only successful if the victim is convinced a phishing site is legitimate, common advice to protect against phishing attacks is focused on user education and behavior. This includes being vigilant when receiving emails that ask for personal or financial information, even if they appear to be from a trusted source. Additionally, victims are urged to be cautious of any suspicious or unexpected emails, and not click on any links or download any attachments from unknown or untrusted sources. While all of this is solid advice, the fact remains that users will make bad decisions and provide information to phishing sites if they are forced to rely on their own judgment. ConcealBrowse’s secure browser anti-phishing solution removes that burden from users.

The Mailchimp data breach highlights the importance of protecting personal information and utilizing advanced phishing protection and browser security solutions. User education and email client-based phishing protection simply aren’t good enough. Click here to sign up for a free ConcealBrowse account and start protecting your company from sophisticated phishing attacks like this one today.

Written by: Conceal Research Team

Traditional Endpoint Protection Platforms Are No Longer Sufficient

Endpoint protection is a critical component of any organization’s cybersecurity strategy. It involves the use of software and hardware solutions to protect the various endpoint devices within a network, such as laptops, servers, and mobile devices, from cyber threats. Protection at the endpoint is even more important in the age of remote work and bring-your-own-device IT policies when endpoints frequently have access to sensitive applications and data while being outside the protection of traditional network-based security solutions.

Endpoint protection platforms (EPPs) have evolved to include advanced features such as real-time threat detection and response, machine learning-based malware detection, and cloud-based management. These solutions are designed to detect and respond to a wide range of cyber threats, including malware, ransomware, and phishing attacks.

Current Shortcomings of Endpoint Protection Platforms (EPPs)

Despite recent advancements in endpoint protection, there are still several shortcomings that organizations need to be aware of:

  1. Ineffective: EPPs are only as effective as their ability to detect and respond to new and emerging threats. As a result, with the constant evolution of cyber threats, it can be difficult for EPPs to keep up and provide adequate protection.
  2. Resource Intensive: Endpoint protection solutions can be resource-intensive and negatively impact the performance of devices they protect. This can be especially problematic for organizations with limited IT resources. EPPs typically have extensive setup and configuration requirements and require a considerable time investment from already overstretched security and IT teams.
  3. Limited Protection: EPPs can sometimes be bypassed by sophisticated attackers or even by users who may unknowingly download malware or fall for phishing scams. They rely on users to make good decisions to prevent certain attacks. For example, if an employee receives an email that appears to be from their bank and it requests personal information, they may provide it without realizing it’s a phishing scam. In this case, the EPP may not detect the threat because it is disguised as legitimate communication. In short, while EPPs are a critical component of an organization’s cybersecurity strategy, they are dependent on human decisions that are frequently affected by misplaced trust.

An Emergent Solution

As organizations have increasingly come to see that EPPs cannot provide a holistic security solution, a new class of “enterprise browsers” and browser-based security solutions have taken off and gained attention from investors. While most do provide an additional layer of protection, they simultaneously increase the complexity of the IT environment on top of the complexity already introduced by the EPPs. Still, these solutions can help address some of EPPs shortcomings by enforcing zero-trust concepts and removing the burden from users of making judgments about which links and files are safe to click.

ConcealBrowse is the newest entry in this emerging class of solutions. Instead of introducing a new layer of IT complexity, ConcealBrowse provides plug-and-play protection via an easy-to-manage browser extension. ConcealBrowse transparently checks every link and every web site a user visits with both historical and predictive intelligence about URLs. Dangerous activity is blocked, while risky sites and applications are opened in a cloud-based isolated browsing environment where they can’t access your devices or network. ConcealBrowse can fill in the gaps left by EPPs in a package that is easy to manage and affordable to deploy across an organization.

Click here to try out ConcealBrowse for free or schedule a demo so that we can show you how ConcealBrowse can drastically improve your cybersecurity posture.

email phishing

Conceal Threat Alert: Government Employees Money Stolen through Targeted Phishing Campaign

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Multi-State Information Sharing and Analysis Center have released a joint advisory warning network defenders about the malicious use of legitimate remote monitoring and management (RMM) software against government employees to steal banking credentials.

In October 2022, CISA identified a widespread cyber campaign involving the malicious use of legitimate RMM software. Specifically, criminal actors sent phishing emails that led to the download of legitimate RMM software which the actors used in a refund scam to steal money from victim bank accounts.

In one technique, the actors sent an email that mimicked legitimate brands with a link to an actor-controlled website that provided an RMM install file pre-configured to connect to the actor’s servers. In another, they provided a phone number to call in the email, and upon calling the number the victim would be directed to one of the malicious web sites.

In both cases, the actor would then deceive the victim into logging into bank accounts while the actor was monitoring their actions remotely via the RMM software. They could then manipulate what the victim was seeing on their screen to convince them they had received an excessive refund, that they would then be directed to “correct” by sending the actor money.

The authors of the advisory assess that this campaign could lead to additional types of malicious activity such as selling victim account access to other cybercriminals or advanced persistent threat actors. This highlights the threat of malicious cyber activity associated with legitimate RMM software: after gaining access to the target network via phishing or other techniques, malicious actors are known to use legitimate RMM software as a backdoor for persistence and/or command and control (C2).

Once the RMM software has been installed by the victim and the attacker has gained their trust, there is little that existing solutions can do to prevent the attacker from stealing the data they are targeting. That is why it’s crucial to prevent the attack from its earliest stages, in this case – and in many others – when the user attempts to visit the malicious web site in their browser.

What’s the Best Browser Security for Phishing Protection?

We built ConcealBrowse because we know that more and more of company’s employees are working and living inside the browser. Our advanced anti-phishing protection combined with our intelligent decision engine protects users from phishing attacks using a combination of intelligence and computer vision technology that identifies web sites mimicking real brands and blocking users from downloading files or entering their information on those sites. In this case, that means the RMM would never have been downloaded by the potential victims in the first place.

If you’d like to see how ConcealBrowse can protect your business against phishing and ransomware attacks with our advanced browser protection, try ConcealBrowse for free today.

Written by: Conceal Research Team

password breach

Conceal Threat Alert: Re-used Passwords Result in Breach of 35,000 PayPal Accounts

American Banker recently reported on a massive credential stuffing attack that resulted in 35,000 PayPal accounts being breached. The attack exposed personal information including Social Security numbers and phone numbers.

Credential stuffing attacks utilize stolen user login IDs and passwords from various sources, including phishing attacks and credential-stealing malware, to programmatically attempt to log in to large numbers of user accounts. Even if the attacker steals credentials for one website, credential stuffing is often successful because people use the same credentials across multiple sites. This means the attackers can conduct phishing attacks that mimic less sensitive web sites than financial ones like PayPal, then use those credentials to access more sensitive websites and steal money or more sensitive information.

While PayPal said it was unclear how the credentials used in this attack were obtained, they did say they have no evidence they came from PayPal systems and were “likely” from phishing.

PayPal didn’t report that any users lost money from the breach, but given the sensitivity of the personal information stolen, the attackers have gained some key tools for conducting follow-on attacks that could allow them to cause financial harm to the victims in the future.

How Can Companies Stop Credential Stuffing Attacks?

Credential stuffing is the culmination of a chain of attacks that each attempt to steal more and more sensitive information. The initial credentials can be obtained in various ways. In addition to phishing, credentials can also be purchased on the dark web or obtained in data theft operations against less secure targets. These credentials can then be used en masse in credential stuffing attacks against a wide array of web sites. Because so many accounts in so many places can be attacked in an automated fashion, at least some successes are almost guaranteed. With access to personal accounts, the attacker now has a database of personal information that they can use to conduct more targeted attacks with more valuable payouts.

Because there are so many stages of these attacks and multiple ways that the credentials can be obtained in the first place, there’s no silver bullet solution to completely prevent them. For instance, two-factor authentication can often thwart the credential-stuffing stage of the attack, but this occurs after credentials have already been stolen. Using unique passwords for every account can also be effective. Several measures are required to secure customer data from other types of data theft attacks on servers.

All this makes the problem of protecting against these attacks sound daunting – and it is – but the key factor is that many of these attacks are possible because an earlier phishing attack was successful. ConcealBrowse’s advanced phishing protection sits at the beginning of the attack chain, the browser, and prevents attackers from obtaining credentials in the first place.

Head Off Credential Theft with Advanced Phishing Protection and Dynamic Remote Browser Isolation

Click here to sign up for a free ConcealBrowse account to see for yourself how ConcealBrowse can protect your company and employees from phishing attacks and malware. If the attackers can’t get your users’ credentials now, they can’t use them to steal sensitive data across the Internet later.

Written by: Conceal Research Team

Chinese threat actor malware

Conceal Threat Alert: Chinese Threat Actor Targets Users in WhatsApp

A recent white paper by researchers at Cyjax uncovered the activities and infrastructure of a financially-motivated Chinese threat actor abusing trusted brands in WhatsApp links to perform a variety of malicious actions, such as delivering malware and malicious advertising. They labeled the group Fangxiao.

Fangxiao stands apart from other criminally motivated groups because of the sheer scale of their attacks. One of the strategies uses to stay anonymous is to rapidly iterate through domain names. In one case, they used over 300 in one day. In fact, the researchers uncovered more than 42,000 domains used by the attackers since 2017.

These domains mimicked domains of legitimate companies in a variety of verticals and several countries. The attackers send links to users in WhatsApp that specify a brand the corresponding landing page should impersonate. This allows Fangxiao actors to tailor messages to any brand they think is likely to be effective for a particular audience. The brand is passed to the landing page, which is then automatically customized to mimic the brand in question to build trust with the user. The page is further customized based on the user’s location to show local currency units to appear local regardless of what country they are visiting from. Like the Disneyland Malware Team we wrote about previously, the success of the attack hinges on the users’ trust of the brand overcoming any suspicions they might have about the link.

These extra touches are meant to keep the user engaged with the site and garner trust. They are taken through a journey that results in them providing their friends’ WhatsApp numbers so the attack can be spread to their contacts, downloading malicious software, and generating affiliate revenue for the attackers.

How Dynamic Remote Browser Isolation and Phishing Protection Can Stop These Attacks

The fact that the Fangxiao actors utilize WhatsApp links as the initial attack vector highlights a growing trend in Internet usage: While many attacks happen in the browser, the plethora of communication and other apps containing web links means that email-based phishing and malware protection isn’t enough. Regardless of how a malicious URL reaches a user, the attack happens in the browser. That’s why ConcealBrowse checks every URL being opened in the browser, regardless of where the user clicks it.

ConcealBrowse uses up-to-the-minute threat intelligence – including about newly-registered domains that haven’t even been used yet – to determine which are risky so that they can be opened in an isolated environment, off your endpoint and off your network. Additional phishing protection then identifies fraudulently-branded web sites and prevents users from providing any data to them or interacting with them.

Try ConcealBrowse for free, or schedule a demo so we can show you how ConcealBrowse provides phishing protection and malware protection against threats like Fangxiao.

Written by: Conceal Research Team

press release hero

Conceal Partners with Thousand Guards to Expand into MSSP Markets

Thousand Guards Customers Can Help Protect Against Ransomware through ConcealBrowse, the Patented Browser Isolation and Zero Trust Technology

AUGUSTA, Ga.–(BUSINESS WIRE)–Conceal, the leader in protecting against web-based attacks, today announced it is expanding into the Spain, France, Italy, and Portugal MSSP markets through a strategic partnership with Thousand Guards, a Southern European based consulting firm whose mission is to identify innovative cybersecurity solutions that address emerging threats and make them accessible to customers, facilitating their awareness, proofing and acquisition.

“We see a compelling opportunity with Conceal, service providers and millions of endpoints across Europe to provide an affordable, cost effective solution to web-based attacks. ConcealBrowse is a highly effective way to isolate malware from devices and an organization’s network while preserving the users’ overall experience.”

“Thousand Guards services are aimed at IT security managers and cybersecurity services companies that need to find solutions to new or future problems,” said Juanjo Martinez, Founder and VP of Sales of Thousand Guards. “We see a compelling opportunity with Conceal, service providers and millions of endpoints across Europe to provide an affordable, cost effective solution to web-based attacks. ConcealBrowse is a highly effective way to isolate malware from devices and an organization’s network while preserving the users’ overall experience.”

“Thousand Guards is a trusted advisor for CISOs throughout Southern Europe,” said Gordon Lawson, CEO of Conceal. “We look forward to growing our presence in the region by working with Thousand Guards to deliver advanced protection against browser-based threats and ransomware via MSSPs with large customer bases who can package ConcealBrowse with their service offerings.”

ConcealBrowse leverages an intelligence engine that works at machine speed with near zero latency to dynamically and transparently pre-process and analyze code and move suspicious, unknown and risky code to a cloud-based isolation environment.

For the MSSP community, ConcealBrowse offers a tremendous opportunity to provide innovative solutions to the web-browser security emerging threats. A simple, drop-in solution, ConcealBrowse can easily be added to existing security packages. It requires minimal configuration and provides advanced telemetry data that can be integrated with SIEMs and common analytical tools.

About Conceal

Conceal enables organizations to protect users from malware and ransomware at the edge. The Conceal Platform uses Zero Trust isolation technology to defend against sophisticated cyber threats. Conceal is used by organizations of all sizes globally to ensure their users and IT operations remain secure, anonymous and isolated from attacks. For more information, visit https://conceal.io/.

Digital global world map technology research develpoment analysi

It’s 2023 and We Are Still Worried About Ransomware

While 2021 was the most prevalent year of ransomware to date, 2022 ended on pace to take the lead.  Here’s what we know going into 2023.

Ransomware — a term we are all tired of hearing but a threat that remains front and center for the security community and beyond.  Arguably the most dangerous attack vector in cybersecurity, ransomware continues to cripple organizations and countries, but why?  Being front and center for years now, shouldn’t ransomware be under control? 

Current investments in security tools are not solving the global crisis surrounding ransomware.  As a result, the United States just held their second annual summit on Ransomware where global leaders from 36 countries and many private institutions came together to strategize a global response to ransomware.  The current ransomware strategy has not worked. 

The Security Gap 

For years, the top of the cybersecurity agenda has been to protect against ransomware.  So, why is it that years later the objective remains the same?  The answer is simple – there is a gap in tooling.  Vendors are not addressing the challenges surrounding ransomware.  As a result, organizations continue to invest in tooling to address many of their ransomware related objectives.  Unfortunately, more often than not, the tooling being invested in does not fully solve for Ransomware’s top challenges.  Bad things are still happening.  

One of the biggest challenges with ransomware is its continuous evolution.  While 85% of ransomware attacks begin with a targeted phishing campaign on an end user, the manner in which the campaign is conducted has exponentially grown in sophistication.  Traditionally, phishing has been focused on targeting employee work emails addresses and attacking through one of three attack types: a link with malicious code behind it, a fake landing page that captures user credentials, or through an attachment with a malicious exploit embedded.  Nowadays, while phishing is still the number one entry point for ransomware, the attack vector is stemming from a wide range of applications.  

Addressing the Tool Gap

Even with the growing vectors for phishing, one thing remains constant – the browser is a critical gateway for all attack types.  As a result, more often than not, a user must go to the internet to be exploited.  Protection at the browser can solve for internet-based exploitation.  

ConcealBrowse offers an extra layer of protection against phishing, distrusting risky web sites by default and providing protection even when email filtering fails. Once a user clicks a phishing link, ConcealBrowse goes into action, scanning the URL and any resources loaded by it to ensure they haven’t been flagged as dangerous. At the same time, ConcealBrowse uses advanced AI to analyze the pages for signs of a phishing attack, and blocks attackers at 

All of this powerful functionality is delivered in a simple plug-and-play package that requires minimal setup and configuration for your IT or security teams. In addition, information derived from our intelligence engine about visited URLs is available via our advanced telemetry feeds, and can be easily integrated into the rest of your security stack. 

As social engineering continues to advance exponentially, it will become ever more important to have the right tools to keep your network safe from phishing and ransomware. Click here to try ConcealBrowse today.

ransomware

Conceal Threat Alert: Despite Boosted Funding and Attention, 2022 Saw No Improvement in Government Ransomware Defense

Cybersecurity provider Emisoft recently released statistics indicating that 2022 saw no decrease in successful ransomware attacks among U.S. local government and healthcare providers despite new legislation at both the federal and state levels aimed at curbing it. According to the numbers provided in the report, 106 local governments, 44 universities and colleges, 45 school districts and 25 healthcare providers were affected by ransomware attacks last year.

The report goes on to detail some of the impacts of these attacks: The local government of Quincy, MA paid a $500,000 ransom in 2022. The Los Angeles Unified School District, the second largest in the U.S., refused to pay a ransom and had stolen data released on the Internet. In seventeen separate instances, ransomware attacks on hospitals resulted in protected health information being stolen. In one of these, a 3-year-old patient received an overdose of pain medicine because the system for calculating the dosage was compromised.

The trend isn’t improving

Although the ransomware threat is widely recognized and countless dollars are spent by companies and governments to try and stop it, the impact has not lessened over the last several years. According to the report, the number of state and local governments known to have been impacted by ransomware in 2022 was 106, roughly the same as the 113 reported in 2019 and 2022 and more than the 77 reported in 2021. The picture looks equally bleak for the education sector. The number of incidents affecting it has remained steady between 84 and 89 incidents each of the last four years.

How can organizations fight back?

Unfortunately, it’s clear there isn’t a silver bullet that will put an end to the very lucrative ransomware business. Legislation and user security training have proven to be largely ineffective, and the amount of money spent on hardware and software solutions continues to skyrocket. The problem has become even more difficult to manage as more and more business applications are now accessed through the web browser and workers now conduct business on work and personal devices, both at home and in the office.

We developed ConcealBrowse push zero trust principles that harden your attack surface to the edge, wherever that edge may be. Phishing and other social engineering techniques have become sophisticated enough to trick even the most savvy and well-trained users, and the web browser is one of the most common attack vectors for ransomware gangs. 

ConcealBrowse uses multiple intelligence sources in our decision engine that identifies and isolates risky sites and blocks phishing techniques and malicious downloads. While no solution can prevent 100% of ransomware attacks, ConcealBrowse fortifies the weakest point on your attack surface and removes the burden of judging risk from users. Click here to sign up today for a free version of ConcealBrowse and see how it can make your organization safer from the scourge of ransomware.

Written by: Conceal Research Team