Weekly Threat Report: July 22

This week's threat report covers the latest cybersecurity concerns, including the aftermath of the recent CrowdStrike outage. Malicious actors have exploited the confusion by creating fake domains that pose as legitimate services, distributing malware under the guise of fixes, and extorting users for payment. ConcealBrowse is actively blocking these domains, safeguarding users from potential compromises. Additionally, we explore a sophisticated shopping site phishing attack that uses fake verification pages to steal credit card information and a phishing campaign targeting university credentials, aiming to gain unauthorized access to sensitive information. Stay vigilant and rely on official channels to protect your data.

In the wake of the recent events involving CrowdStrike, many malicious actors have taken advantage of the outage and spun up domains that pretend to be legitimate services offering solutions for affected devices. Security vendors have found these websites distributing malware presented as a fix, as well as extorting vulnerable users by claiming payment is necessary to repair their systems. The chaotic nature of the situation may cause normally wary users to act without caution, putting companies and their systems at risk.

Users affected by this outage should use official channels to communicate with CrowdStrike support and be on the lookout for fraudulent sites that are trying to exploit the situation. ConcealBrowse is taking steps to block newly created domains that are impersonating CrowdStrike support, protecting clients from compromises.

This site was first detected by ConcealBrowse on July 19th after being seen by security vendors in June. It is currently flagged by 15 vendors for phishing and malicious behavior. ConcealBrowse successfully identified the brand impersonation and isolated the site with a 28% risk score.

Shopping sites can be a popular target for threat actors because of the payment information that is stored on the account. The victim’s credit card could be used for fraudulent purchases, potentially causing financial hardship. Additionally, this page uses a fake verification page before delivering the victim to the credential harvesting form. Verification pages are used to try to provide the victim with a sense of security and make the deceptive site appear more legitimate. ConcealBrowse’s intervention blocks keyboard input and helps users recognize these phishing sites more quickly, keeping their information safe.

This site was detected by ConcealBrowse on July 17th, the day after other security vendors began reporting it. It was initially reported by five vendors and is now flagged by eight for phishing. ConcealBrowse intervened with a 16% risk score due to the suspicious nature of the page’s contents.

This page is looking to steal credentials for a university. Compromising the account of an employee or a student can allow the malicious actor to impersonate them, utilizing social engineering to gain further access into the system. University records often contain sensitive information, such as full names and social security numbers, that could also be exploited. ConcealBrowse blocks all keyboard input while in isolation. This prevents unsuspecting users from entering their credentials into suspicious sites.


Valuable Outcomes

As this threat report exemplifies, the recent CrowdStrike outage has highlighted the persistent threat of malicious actors exploiting such incidents to distribute malware and extort users. ConcealBrowse’s proactive measures, including blocking newly created fraudulent domains and isolating high-risk sites, have proven essential in protecting our clients. By detecting and flagging phishing sites and malicious behaviors early, ConcealBrowse minimizes the risk of compromise and enhances user security. This week's report underscores the importance of using official channels for support, staying vigilant against phishing attempts on shopping sites, and safeguarding university credentials from social engineering attacks. Through these efforts, ConcealBrowse continues to ensure robust protection for individuals and organizations alike.



ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

