Browser-Based Threat Report: Nov. 27

Browser-Based Threat Report

Week of November 27th, 2023

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of November 20th, 2023, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: f18313bd258045a0c134467990ca54423ad6c9427d57e921b9769bb4105a6e26

This URL was first detected by ConcealBrowse on November 15th, 2023, and continued to be isolated on subsequent visits on November 16th and 21st. It was first identified by 3 security vendors on November 21st, 2023, and has since dropped to 2 vendors, indicating remediation attempts by the domain owners. As a result, the domain, which was sinkholed on November 21st, has been removed from sinkhole rules by various DNS providers. This illustrates how quickly both webpages and the threat landscape change, highlighting the importance of real-time analysis (provided by ConcealBrowse).

Upon historical analysis, the page was seen downloading a suspicious JavaScript file which was flagged by 2 vendors as suspicious. ConcealBrowse continues to intervene to date, isolating the page with a 14% risk score due to the history of the webpage and the abundance of empty and void links.

_____________

SHA-256: b5b3e43c5b74bdc9fc35fa3708a17a34394006d51b34c1efa21685be1629ede1

This URL was detected by ConcealBrowse on November 20th, 2023. It was not flagged by 6 reputable security vendors until November 27th, 2023. By analyzing sites in real time, ConcealBrowse protected the endpoint one week before intelligence sources reported its nefarious activity.

The URL leads victims to a poorly designed malicious shopping page. Indicators of nefarious activity include a nonsensical sizing chart attached to a vehicle listing, which was itself priced at $14. Although the site is obviously suspicious, end users can initiate downloads with a single click or even fall victim to drive-by download attacks that require no end user interaction. Supporting this, the page was observed downloading an HTML file that two additional security vendors deemed suspicious. ConcealBrowse also intervened on the basis of identified anomalies, such as the webpage's use of a top-level domain associated with malicious activity.

_____________

SHA-256: 7122c4952c0e428874187a684e6cf72937fccf96033240a9077a6ed245da604b

After analyzing the URL in question, it was found to be flagged as malicious by several other threat intelligence feeds. They reported the domain as malicious primarily because of its association with phishing/credential-theft attacks.

Upon opening the link, users are presented with a CAPTCHA to verify they are human. Afterwards they are redirected to a spoofed Microsoft login page.

Deeper analysis shows that this site, which is no longer live, was registered from Russia on August 30th, 2023, and was blocklisted by several providers because of its association with the Storm1575 threat group, which operates out of Russia. This group is known to use Dadsec, a phishing-as-a-service platform, to steal Microsoft O365 credentials.

It is important to note that the site appears to have been taken down.

_____________

This URL was detected by ConcealBrowse during an INTERNAL TESTING session of our new SHERPA AI decision engine. The URL was brought to us by a customer who was concerned about this type of attack. The web page opens and warns the visitor that their computer is infected and that they need to call Windows support. There is even an audible message urging the user to call immediately or risk serious damage. However, much like a BEC attack, the webpage itself carries no "malicious" payload; the damage occurs when the victim calls the number and falls for the scam.

Since this is an attack that occurs in the browser, Conceal felt it necessary to detect and prevent these threats. With the new SHERPA AI engine, we are able to analyze a potential threat more deeply than URL reputation and even more deeply than patterns in how the web page behaves. We look at the patterns in the content of the website and what the intent of that content is. When we see an anomaly in the behavior, structure, or content of a webpage, we treat it as suspicious and intervene to protect the end user. In the case of this webpage, there are several elements that a genuine warning from a reputable technology company such as Microsoft would never include. Based on this, our browser extension warned the end user of the dangers ahead, something that solutions relying on full-time browser isolation are not capable of doing.
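The following Python sketch is an added illustration, not Conceal's code and not how ConcealBrowse or SHERPA AI work internally. It scores a fetched page on the kinds of static signals mentioned in the entries above: the share of empty or void links noted on the first page, a high-risk top-level domain as on the shopping page, and the autoplaying audio, "call support" wording and phone number that characterize the tech-support scam page. The high-risk TLD set, the weights, the phrase list and the three sample pages are constructed placeholders for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Placeholder TLD set, constructed for this example; an organization would
# populate it from its own TLD reputation data.
HIGH_RISK_TLDS = {"example-risky", "example-abused"}

# href values that make a link "empty" or "void" (no real destination).
VOID_HREFS = {"", "#", "javascript:;", "javascript:void(0)", "javascript:void(0);"}

# Wording typical of browser tech-support scam pages (matched case-insensitively).
SCAM_PHRASES = [
    r"your (computer|pc) (is|has been) infected",
    r"call (windows|microsoft) support",
    r"call (now|immediately)",
    r"do not (close|restart|shut down)",
]
# North American style phone numbers, e.g. 1-800-555-0100.
PHONE_RE = re.compile(r"\b(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b")


class PageFeatures(HTMLParser):
    """Collects structural and content signals from raw HTML."""

    def __init__(self):
        super().__init__()
        self.total_links = 0
        self.void_links = 0
        self.autoplay_media = 0
        self.text_chunks = []
        self._skip = False  # True while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.total_links += 1
            href = (attrs.get("href") or "").strip().lower()
            if href in VOID_HREFS or href.startswith("javascript:void"):
                self.void_links += 1
        elif tag in ("audio", "video") and "autoplay" in attrs:
            self.autoplay_media += 1
        elif tag in ("script", "style"):
            self._skip = True

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = False

    def handle_data(self, data):
        if not self._skip:
            self.text_chunks.append(data)

    @property
    def text(self):
        return " ".join(" ".join(self.text_chunks).split())


def extract_features(html):
    """Parse the page once and return the raw counts used for scoring."""
    p = PageFeatures()
    p.feed(html)
    p.close()
    return {
        "total_links": p.total_links,
        "void_links": p.void_links,
        "autoplay_media": p.autoplay_media,
        "scam_phrases": sum(1 for pat in SCAM_PHRASES if re.search(pat, p.text, re.I)),
        "phone_numbers": len(PHONE_RE.findall(p.text)),
    }


def score_page(url, html):
    """Return (risk score 0-100, reasons). Weights are illustrative, not tuned."""
    f = extract_features(html)
    score, reasons = 0, []
    host = urlsplit(url).hostname or ""
    tld = host.rsplit(".", 1)[-1] if "." in host else ""
    if tld in HIGH_RISK_TLDS:
        score += 25
        reasons.append(f"high-risk TLD .{tld}")
    if f["total_links"] >= 5 and f["void_links"] / f["total_links"] >= 0.5:
        score += 20
        reasons.append(f"{f['void_links']}/{f['total_links']} links are empty or void")
    if f["autoplay_media"]:
        score += 20
        reasons.append("autoplaying audio/video")
    if f["scam_phrases"] >= 2:
        score += 30
        reasons.append(f"{f['scam_phrases']} tech-support scam phrases")
    if f["phone_numbers"] and f["scam_phrases"]:
        score += 15
        reasons.append("phone number alongside scam wording")
    return min(score, 100), reasons


# Constructed sample pages (not real sites); 555-01xx is a reserved fictional range.
SHOP_PAGE = """<html><body>
<a href="#">Home</a><a href="#">Cars</a><a href="javascript:void(0)">Cart</a>
<a href="">Login</a><a href="#">Help</a><a href="/terms">Terms</a>
<p>Vehicle for sale: $14. Size chart: S, M, L.</p></body></html>"""
SCAM_PAGE = """<html><body><audio autoplay src="alert.mp3"></audio>
<h1>Your computer is infected!</h1>
<p>Call Windows Support immediately at 1-800-555-0100. Do not close this window.</p>
</body></html>"""
BENIGN_PAGE = """<html><body><a href="/about">About</a><a href="/docs">Docs</a>
<p>Welcome to our documentation portal.</p></body></html>"""

if __name__ == "__main__":
    for url, page in [("https://shop.example.example-risky/", SHOP_PAGE),
                      ("https://alert.example.com/", SCAM_PAGE),
                      ("https://docs.example.com/", BENIGN_PAGE)]:
        print(url, score_page(url, page))
```

The scorer deliberately keys the phone-number signal on the presence of scam wording, since a phone number alone is normal on a legitimate support page; combining signals is what keeps a content-based heuristic from flagging ordinary sites.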

_____________

Valuable Outcomes

ConcealBrowse offers comprehensive protection against many sophisticated cyber threats, as recent threat reports exemplify. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to navigate the digital landscape with confidence, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.