Blog

Target: IT Professionals

Tags: Malware, Ransomware Zero-Trust, Safe Workspace™, Safe Browsing

A recent report from Palo Alto [1] revealed that 2022 saw a major shift in ransomware delivery methods, with web browsing becoming the dominant vehicle for such attacks, accounting for 75.5% of occurrences. Conversely, once a popular method, email attachments fell to just 12%. This trend underscores that cybercriminals are increasingly exploiting less-protected vectors like web browsing instead of more traditional methods such as email. The evolution of email security has significantly reduced the success rate of email-based attacks, thanks to a combination of static analysis techniques, such as advanced antivirus signatures, dynamic analysis (sandboxing), URL analysis, and file or link reputation checks. Consequently, attackers are pivoting towards less guarded avenues, namely web browsing, highlighting the need for enhanced security measures to secure web browsing.

Attackers employed various methods to avoid web browsing detection, such as rotating URLs/hostnames and using popular platforms. Ransomware binaries were often delivered via compromised websites. Third-party apps were the primary entry vector in 8.2% of cases [1]. Multiple URLs and hostnames were utilized for the same ransomware, while the same URL delivered different ransomware variants. This tactic aimed to evade URL-blocking services. Ransomware gangs also exploit well-regarded domains and services to bypass existing security measures. Throw the browsing activity, the user may be lured to download a malicious file that may contain different attack chains that lead to ransomware or other malicious attacks.  Other web browsing attacks exist, such as phishing, water holes, and smart security paradigms are needed to protect the users. Moving from detection to prevention based on application isolation is a simple, cost-effective, zero-trust method you should know.

BUFFERZONE Safe Workspace™

BUFFERZONE Safe Workspace™ is a suite of prevention capabilities based on application isolation technology that includes Safe Browsing, SafeBridge® (Content Disarm and Reconstruction capabilities), and Safe Removable (USB attack prevention), all combined with clipboard security. Safe Workspace™ virtual container is created by a kernel driver, which virtually separates the operating system into two logical zones. The first zone is the trusted zone, which is connected to all the organization’s networks and the operating system’s files. The second zone is called the untrusted zone, which acts as a buffer zone where different applications can securely run isolated from the trusted zone’s memory, files, registry, and processes. This method offers advantages such as low CPU and memory footprint, high quality of experience, and the ability to seamlessly work inside the virtual container without noticing that you are protected from browsing and USB threats. BUFFERZONE® is the only virtual containment solution based on six patented technologies.

BUFFERZONE® Safe Browsing enables the user to securely browse inside the isolated container and be protected against evasive phishing attacks. Downloaded files are isolated in the container and do not have permission to be automatically installed and controlled by the organization policy and BUFFERZONE SafeBridge®.

Try us now.

References:

[1] Zeljka Zorz, Help Net Security, https://www.helpnetsecurity.com/2023/07/31/ransomware-delivery-2022/