Browser-Based Threat Report from Conceal

July 15, 2024 | Cybersecurity, Conceal

Written by Phil Ward

Conceal's weekly threat report for the week of July 8th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

SHA-256: 729e392b11a76ff2fb748545f49d94f931da6f3dc29af27e463ce6d729416e93

 

On June 25th, Sansec published a report that polyfill.io, a previously benign website that was used to service websites with popular scripts, was delivering malicious code to its users. Unsuspecting visitors to sites infected with the code would be redirected to malicious pages, putting their devices and information at risk.

While it was initially estimated that approximately 100,000 websites were infected during this supply chain attack, further research has shown that this number might be much higher. Website administrators have been advised to ensure that any references to *.polyfill.js be replaced with secure alternatives. ConcealBrowse’s use of heuristics as well as intelligence from other security vendors is working to intervene against potentially compromised sites and keep users protected.

 


 

SHA-256: c60cc841ce01479c44bdb56807a19e39dc2644281be630c405a00cff33cb9593

 


This page was detected by ConcealBrowse on July 2nd, the day after it was first caught by security vendors. It was initially detected by 10 vendors and is now flagged as phishing by 22. ConcealBrowse intervened on this site with a 33% risk score and successfully identified the USPS brand impersonation.

This site is used in a popular attack that involves sending the potential victim a message saying that their package could not be delivered due to an issue at their address. The victim will then enter their personal information, as well as their payment information after being asked to pay a fee. This information is then used to commit fraud and potentially target the victim with more personalised scams and phishing attacks in the future. ConcealBrowse’s intervention on suspicious sites helps users recognise their deceptive nature, protecting them from phishing attacks.

 


 

SHA-256: cfd6cadf021d221abdc209c0249837f1fe9788d382ac45893982f472632f0ca2


This URL was first seen by security vendors in June and was detected by ConcealBrowse on July 2nd. Initially, only one security vendor was reporting the site as phishing, but fifteen vendors are now flagging it. ConcealBrowse intervened with a 31% risk assessment due to brand impersonation and suspicious behavior.

This site is involved in a document sharing phishing attack. The attack usually occurs when a user receives a deceptive email, typically from a contact they recognise. The email contains a link to a document that they are told to view with urgency. The phishing page states the user must validate their credentials before being permitted to view the document. While in an isolated session, all keyboard input is blocked. This means that users cannot enter their credentials into phishing pages, keeping their accounts safe from compromise.

 


 

Valuable Outcomes

As this recent threat report exemplifies, ConcealBrowse offers comprehensive protection against many sophisticated cyber threats. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to confidently navigate the digital landscape, knowing that their online activities are shielded from potential harm.

This report was created by Conceal - https://conceal.io/browser-based-threat-report-07-08-24/

 
