VirusTotal recently analyzed its trove of malware and associated metadata to identify ways attackers abuse users’ trust of big digital brands. Specifically, attackers focus on co-opting trusted domains and branding materials like official logos and icons to trick users into downloading and installing malware.
The current “state of the art” in avoiding these types of attacks relies on training end users to identify non-obvious signs that trusted brands are being used maliciously, and on scanning files on the endpoint after a user has already downloaded them. We all know from experience that, regardless of how much training users receive, they far too often let down their guard when they believe they are interacting with a trusted party. Fortunately, Conceal takes over the task of distrusting everything and isolating malicious activity regardless of the user’s perception of safety. So, What Would Conceal Do to subvert these types of attacks?
As the VirusTotal report points out, many of these types of attacks rely not only on humans’ propensity to trust certain brands, but also on defensive systems’ propensity to trust certain domains. Fortunately, ConcealBrowse checks every URI accessed by users or loaded in the background by web apps. Even if most resources accessed via squarespace.com are trustworthy, Conceal’s decision engine identifies the specific URIs that aren’t and isolates them from the user’s machine.
When a URI is flagged as suspicious, it is opened in a container in the cloud where it can’t cause harm to the user’s system. Additionally, any files downloaded from isolated sites are first scanned in the cloud so that they can be blocked before they are ever sent to a user’s device. In these cases, even if a user or a security system trusts a domain, ConcealBrowse doesn’t.
Trust No One
While the VirusTotal report specifically discusses the use of trusted branding in file icons, we’ve also all seen phishing sites that display a trusted logo to lull victims into thinking they can safely enter their credentials. Again, where a user might be tricked into trusting the attacker, Conceal distrusts the attacker for them.
Using computer vision technology, ConcealBrowse can identify when trusted logos and branding are being misused by attackers and can block phishing sites before the user ever has the chance to compromise their information.
What Would Conceal Do (#WWCD)?
Long ago, attackers figured out how to take advantage of people’s trust biases to bypass defenses designed to protect us from the untrustworthy. Fortunately, as more and more zero trust technologies – like ConcealBrowse – provide the necessary distrust, these types of attacks will become less and less successful.
We are excited to empower every individual to protect their personal data from cybercrime throughout this cybersecurity education campaign. Stay in the loop on all the great content we will be releasing by bookmarking our NCAM landing page.