

    Stop Worrying and Start Isolating – How to Prevent the Next Big Attack

    March 18, 2024

    Target: IT Professionals (Elementary)

    Tags: Phishing, Safe Workspace®, Safe Browsing, NoCloud® Anti-Phishing, Protection by containment™

    A cyberattack targeting Microsoft Azure [1] has compromised numerous executive accounts and caused a significant leak of user data. In late November 2023, researchers from Proofpoint [2]
    uncovered a malicious operation employing tactics for credential phishing and cloud account takeovers (ATO). This ongoing campaign uses personalized phishing baits via shared
    documents. Specifically, these documents contain links under “View document” prompts. When users click these links, they are redirected to a phishing site designed to harvest their
    credentials.

    Staying Safe in the Digital World

    To combat this threat, individuals and organizations must adopt preventive security measures. This includes educating employees about the signs of phishing emails, implementing
    advanced security solutions, and regularly updating systems to patch vulnerabilities. However, 92% of attacks start with phishing that targets the human factor, and
    this attack used a simple lure text and a malicious phishing link.

    This is why we created BUFFERZONE® Safe Workspace® (whose strategic concept is Protection by containment™), a suite of zero-trust solutions that consists of Safe Mail, NoCloud® Artificial Intelligence (AI) Anti-Phishing, SafeBridge®, Content Disarm and Reconstruction (CDR), and Safe Browser, a secure browsing solution.

    Safe Mail is a Microsoft Outlook plugin that uses BUFFERZONE® SafeBridge® to CDR emails and open links and attachments securely inside a BUFFERZONE® secure virtual container. BUFFERZONE® container isolates the browsing and file activity while keeping your computer safe from evasive attacks. In this phishing example, the lure link will be opened inside
    our container and detected by our NoCloud® AI anti-phishing technology. As a result, the next step of the attack is stopped, and the human factor security breach is minimized.
    BUFFERZONE® NoCloud® AI anti-phishing runs Deep Learning (DL) AI models on the endpoint leveraging Intel Neural Processing Unit (NPU) (Demo) without sending sensitive
    or private data to the cloud.

    Conclusion

    Phishing attacks are too easy to create, and this is a stark reminder of the importance of cybersecurity in the modern era. As cyber threats evolve, staying informed and prepared is our
    best defense against these digital dangers. By isolating threats and adding prevention capabilities to your existing detection solution with an intelligent phishing detection solution, the organization achieves the highest level of security and keeps IT simple.

    References

    [1] https://techreport.com/news/microsoft-azure-hit-with-the-largest-data-breach-in-its-history-hundreds-of-executive-accounts-compromised/

    [2] https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

     

    The Rise of Deepfake Phishing Attacks

    March 12, 2024

    Target: IT Professionals (Elementary)

    Tags: Phishing, Safe Workspace®, Safe Browsing, NoCloud® Anti-Phishing, Protection by containment™

    The threat of deepfake phishing is not only real but also escalating rapidly. Reports [1, 2] indicate that in 2023, attempts at deepfake fraud surged by an astounding 3,000%.
    Cybercriminals exploit deepfake technology, utilizing synthetic videos, images, and webpages to bypass biometric security measures and orchestrate account breaches.

    This surge can be attributed to the democratization of deep learning technologies. Previously, deploying these sophisticated AI algorithms required extensive data science
    expertise or significant financial investment. However, a wide array of advanced, user-friendly AI models is available at minimal or no cost, eliminating the need for
    advanced coding skills.

    The trend towards more accessible generative AI technologies suggests that deepfake phishing attacks will only become more common.
    While the proliferation of generative AI holds numerous benefits, it also lowers the barrier for malefactors looking to create authentic-looking fake content for nefarious purposes.

    Even without the inclusion of deepfake capabilities, email phishing inflicts considerable financial damage on U.S. companies, averaging losses of $4.91 million [1].
    Given the lucrative nature of these schemes and the relative ease of execution, it makes sense that cybercriminals will increasingly incorporate deepfakes into their
    arsenal of attack methods.

    Object detection is a crucial ability for defenders to identify the content of web pages and warn against fraudulent websites.
    A recent study [3] shows that adversarial attacks on website logos are becoming more common and pose the threat of using AI to bypass artificial intelligence (AI) defenses.
    Furthermore, a new attack using steganography [4] to bypass object detection has been discovered. As defenders become more sophisticated, so do the attackers.
    We will delve deeper into these technologies in future blog posts.

    Fight AI with AI

    To combat this threat, individuals and organizations must adopt preventive security measures. This includes educating employees about the signs of phishing emails,
    implementing advanced security solutions, and regularly updating systems to patch vulnerabilities. However, 92% of attacks start with phishing that targets
    the human factor, and this attack used a simple lure text and a malicious phishing link.

    This is why we created BUFFERZONE® Safe Workspace® (whose strategic concept is Protection by containment™), a suite of zero-trust solutions that consists of Safe Mail, NoCloud®
    Artificial Intelligence (AI) Anti-Phishing, SafeBridge® Content Disarm and Reconstruction (CDR), and Safe Browser, a secure browsing solution.

    Safe Mail is a Microsoft Outlook plugin that uses BUFFERZONE® SafeBridge® to CDR emails and open links and attachments securely inside a BUFFERZONE® secure virtual container. BUFFERZONE® container isolates the browsing and file activity while keeping your computer safe from evasive attacks. In this phishing example, the lure link will be
    opened inside our container and detected by our NoCloud® AI anti-phishing technology. As a result, the next step of the attack is stopped, and the human factor security
    breach is minimized. BUFFERZONE® NoCloud® AI anti-phishing runs Deep Learning (DL) AI models on the endpoint leveraging Intel Neural Processing Unit (NPU)
    (Demo) without sending sensitive or confidential data to the cloud.

    Conclusion

    Phishing attacks are too easy to create, and this is a stark reminder of the importance of cybersecurity in the modern era. As cyber threats evolve, staying informed and
    prepared is our best defense against these digital dangers. By isolating threats and adding prevention capabilities to your existing detection solution with an intelligent
    phishing detection solution, the organization achieves the highest level of security and keeps IT simple.

    References

    [1] https://hackernoon.com/deepfake-phishing-grew-by-3000percent-in-2023-and-its-just-beginning

    [2] https://onfido.com/landing/identity-fraud-report/?ref=hackernoon.com

    [3] Apruzzese, G., Anderson, H. S., Dambra, S., Freeman, D., Pierazzi, F., & Roundy, K. (2023, February). “Real Attackers Don’t Compute Gradients”: Bridging the Gap Between Adversarial ML Research and Practice. In 2023 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML) (pp. 339-364). IEEE.

    [4] Sharma, G., & Garg, U. (2024). Unveiling vulnerabilities: evading YOLOv5 object detection through adversarial perturbations and steganography. Multimedia Tools and Applications, 1-20.

     

    Stop Worrying and Start Isolating – Bumblebee is Back

    February 19, 2024

    Target: IT Professionals (Elementary)

    Tags: Phishing, Safe Workspace®, Safe Browsing, NoCloud® Anti-Phishing

    After a hiatus of four months, the Bumblebee malware has resumed its activities, launching phishing campaigns against numerous U.S. organizations, according to detections by Proofpoint [1].

    Identified first in April 2022, Bumblebee is recognized as a malware loader, crafted by the cybercrime groups Conti and Trickbot as an alternative to the BazarLoader backdoor.

    This malware is frequently propagated through phishing efforts, deploying extra malicious payloads like Cobalt Strike beacons on compromised systems to facilitate initial access to networks and execute ransomware assaults.[2]

    The recent phishing (lure) operation leveraging the Bumblebee malware masquerades as voicemail notifications under the “Voicemail February” theme. These emails were disseminated to a multitude of U.S. organizations from “info@quarlessa[.]com.” The messages include a link to OneDrive, directing recipients to download a Word document with names like “ReleaseEvans#96.docm,” or similar titles, falsely presenting itself as communications from the consumer electronics brand hu.ma.ne, renowned for its AI-enabled pin. This nefarious document activates macros to generate a script file within the Windows temporary directory, subsequently running the file through “wscript.”

    The script file harbors a PowerShell command designed to retrieve and activate further instructions from an external server. This process leads to the download and activation of the Bumblebee Dynamic Link Library (DLL), named “w_ver.dll,” on the targeted system.
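    The process chain described above (a Word macro drops a script in the temporary directory, wscript runs it, and the script starts PowerShell) can be hunted in process-creation telemetry. The following is an added example, not part of the original post or of any BUFFERZONE product; the event fields, PIDs, user name and script name are constructed, the PowerShell command line is a placeholder, and the rule is generalized to other Office applications and to cscript.

```python
import ntpath
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
# Per-user and system temporary directories on Windows.
TEMP_DIR = re.compile(r"\\(appdata\\local\\temp|windows\\temp)\\", re.IGNORECASE)

# Constructed process-creation events (pid, parent pid, image path, command line).
# Only the .docm file name comes from the article; everything else is sample data.
EVENTS = [
    {"pid": 500, "ppid": 4, "image": r"C:\Windows\explorer.exe",
     "cmd": r"C:\Windows\explorer.exe"},
    {"pid": 610, "ppid": 500,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmd": r'WINWORD.EXE /n "C:\Users\user1\Downloads\ReleaseEvans#96.docm"'},
    {"pid": 720, "ppid": 610, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\user1\AppData\Local\Temp\sample.vbs"'},
    {"pid": 830, "ppid": 720,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -Command <constructed placeholder>"},
    # Benign: a script started from the desktop shell, with no Office parent.
    {"pid": 900, "ppid": 500, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Scripts\logon.vbs"'},
    # Benign: Word opening an ordinary document and spawning nothing.
    {"pid": 910, "ppid": 500,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmd": r'WINWORD.EXE /n "C:\Users\user1\Documents\report.docx"'},
]


def image_name(event):
    """Lower-cased executable name taken from a Windows image path."""
    return ntpath.basename(event["image"]).lower()


def find_macro_script_chains(events):
    """Return one finding per script host whose parent is an Office app.

    Severity is "high" when the script lives in a temp directory and the
    script host went on to start PowerShell, otherwise "medium".
    PIDs are assumed unique within the batch (no PID reuse handling).
    """
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for ev in events:
        parent = by_pid.get(ev["ppid"])
        if image_name(ev) not in SCRIPT_HOSTS or parent is None:
            continue
        if image_name(parent) not in OFFICE_APPS:
            continue
        in_temp = bool(TEMP_DIR.search(ev["cmd"]))
        shells = [c["pid"] for c in events
                  if c["ppid"] == ev["pid"] and image_name(c) in SHELLS]
        findings.append({
            "office_pid": parent["pid"],
            "script_host_pid": ev["pid"],
            "script_in_temp": in_temp,
            "shell_pids": shells,
            "severity": "high" if in_temp and shells else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_macro_script_chains(EVENTS):
        print(finding)
```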

     

    Staying Safe in the Digital World

    To combat this threat, individuals and organizations must adopt preventive security measures. This includes educating employees about the signs of phishing emails, implementing advanced security solutions, and regularly updating systems to patch vulnerabilities. However, 92% of attacks start with phishing that targets the human factor. This attack, though, is not a regular phishing attack but rather a lure to download the next phase of the attack.

    This is why we created BUFFERZONE® Safe Workspace® (whose strategic concept is Protection by containment™), a suite of zero-trust solutions that consists of Safe Mail, NoCloud® Artificial Intelligence (AI) Anti-Phishing, SafeBridge® Content Disarm and Reconstruction (CDR), and Safe Browser, a secure browsing solution.

    Safe Mail is a Microsoft Outlook plugin that uses BUFFERZONE® SafeBridge® to CDR emails and open links and attachments securely inside a BUFFERZONE® secure virtual container. BUFFERZONE® container isolates the browsing and file activity while keeping your computer safe from evasive attacks. In the Bumblebee example, the lure link will be opened inside our container, and the downloaded file will be isolated and impossible to execute. As a result, it stops the next step of the attack and minimizes the human factor security breach.

    Conclusion

    The rise of the Bumblebee is a stark reminder of the importance of cybersecurity in the modern era. As cyber threats evolve, staying informed and prepared is our best defense against these digital dangers. By isolating threats and adding prevention capabilities to your existing detection solution, the organization achieves the highest level of security and keeps IT simple.

    References

    [1] https://www.proofpoint.com/us/blog/threat-insight/bumblebee-buzzes-back-black

    [2] https://www.bleepingcomputer.com/news/security/bumblebee-malware-attacks-are-back-after-4-month-break/

     

    Stop Worrying and Start Isolating – Qakbot is Back

    February 5, 2024

    Target: IT Professionals (Elementary)

    Tags: Phishing, Safe Workspace™, Safe Browsing, NoCloud® Anti-Phishing, Protection by containment™

    Recently, the Qakbot Trojan has appeared as a significant threat in the cyber world, targeting computers through seemingly legitimate business email [1]. This new wave of cyber-attacks highlights the ever-evolving nature of cyber threats and the need for heightened vigilance in digital correspondence.

    Qakbot, known for its deceptive simplicity, infects computers through business emails that often appear trustworthy. These emails, carefully crafted to bypass conventional security measures, carry malicious attachments or links that, once engaged with, start the infection process.

    The sophistication of Qakbot lies in its ability to blend seamlessly into regular business communications, making it challenging for users to identify and avoid these threats. Moreover, its ability to infect office computers poses a severe risk to organizational data security and integrity. Microsoft [1] has recently issued an alert about the resurgence of Qakbot, which masquerades as an email from an IRS (Internal Revenue Service) representative. This attack, first noticed by Microsoft on December 11th, primarily targets the hospitality sector. The phishing email includes a PDF attachment, presented as a guest list, with the lure message “Document preview is not available,” enticing recipients to download the PDF for a proper view. Unfortunately, clicking the download link downloads an MSI file, which, upon installation, starts the Qakbot malware DLL, thereby compromising the system.

    Staying Safe in the Digital World

    To combat this threat, individuals and organizations must adopt preventive security measures. This includes educating employees about the signs of phishing emails, implementing advanced security solutions, and regularly updating systems to patch vulnerabilities. However, 92% of the attacks start with phishing attacks targeting the human factor.

    This is why we created BUFFERZONE® Safe Workspace™ (whose strategic concept is Protection by containment™), a suite of zero-trust solutions that consists of Safe Mail, NoCloud® Artificial Intelligence (AI) Anti-Phishing, SafeBridge® Content Disarm and Reconstruction, and Safe Browser, a secure browsing solution.

    Safe Mail is a Microsoft Outlook plugin that uses BUFFERZONE® SafeBridge® to CDR emails and open links and attachments securely inside a BUFFERZONE® secure virtual container. BUFFERZONE® container isolates the browsing and file activity while keeping your computer safe from evasive attacks. In the Qakbot example, the link will be opened inside our container, and the downloaded file will be isolated and impossible to execute. As a result, it stops the next step of the attack and minimizes the human factor security breach.

    Conclusion

    The rise of the Qakbot is a stark reminder of the importance of cybersecurity in the modern era. As cyber threats evolve, staying informed and prepared is our best defense against these digital dangers. By isolating threats and adding prevention capabilities to your existing detection solution, the organization achieves the highest level of security and keeps IT simple.

    References

    [1] https://www.bleepingcomputer.com/news/security/qbot-malware-returns-in-campaign-targeting-hospitality-industry/

     

    Zero-Day Threats: Terrifying, Yet Phishing Remains a Cost-Effective and Potent Cyber Attack Strategy

    January 8, 2024

    Target: IT Professionals (Elementary)

    Tags: Phishing, Safe Workspace™, Safe Browsing

    In the evolving landscape of cyber threats, deciding the optimal attack method to penetrate the organization is always challenging. In this blog, we present two effective methods that are significantly different from one another. The first is the zero-day exploit. A zero-day uses new software or hardware vulnerabilities to penetrate the organization. Zero-day attacks are expensive and are usually exploited by governments and highly advanced criminal organizations. The cost of developing such an attack can easily reach millions of dollars or even more, depending on how complex or simple the attack is. Once a zero-day attack is discovered, we usually refer to it as a one-day attack. One-day attacks are common in malware and can be used for years; for example, a typical old exploit such as the Equation Editor in Microsoft Office (CVE-2018-0798) is still commonly used. The lifespan of a zero-day before it is detected may be days, but it can also go undetected for years. Zero-day and one-day attacks are scary; however, discovering and exploiting such vulnerabilities requires considerable resources, making them less accessible to average cybercriminals.

     

    Phishing continues to be a prevalent and cost-effective method for cyber-attacks. It involves tricking individuals into revealing sensitive information or downloading malicious software rather than exploiting technical vulnerabilities. Attackers find this strategy effective because it is low-cost and allows them to target large numbers of people easily. With the help of Artificial Intelligence (AI), attackers can craft advanced phishing attacks quickly. That’s why most attackers start with phishing to steal sensitive data, and regular-looking emails are the starting point for 92% of attacks.

    Opening the Black Hat Europe conference, security researcher Daniel Cuthbert praised security improvements gained with the broader adoption of cloud computing, improvements in iOS, and tighter web security controls in Google Chrome, among other developments. According to Cuthbert, the industry is too fixated on zero-days, despite most cyber-attacks still proving successful using run-of-the-mill techniques such as phishing.

    Can we protect against zero-day, one-day, and phishing attacks?

    BUFFERZONE® Safe Workspace™ is designed to stop new threats, such as zero-day and one-day, based on patented application isolation technology.

    BUFFERZONE® Safe Workspace™ for endpoints provides robust protection against all forms of downloaded and attached malware. By creating a controlled environment, Safe Workspace™ effectively contains and neutralizes potential threats before they can cause any damage. This advanced security solution alleviates organizations’ constant worry about threats such as USB-borne attacks, file-less malware, ransomware, and widespread phishing attempts.

    BUFFERZONE® creates two distinct zones: a virtual trusted zone and an untrusted zone. Within the untrusted zone, users can freely browse the internet, open Microsoft Outlook links and attachments, and access removable media such as USBs. Meanwhile, the trusted zone remains securely isolated and is a gateway to the organization’s secure content.

    We have developed a new anti-phishing detection AI solution that uses our NoCloud®  AI inference technology. This technology prevents sensitive and private data from being uploaded to the cloud and uses advanced deep-learning algorithms to detect phishing attempts. By isolating the system, we can prevent evasive attacks and improve security against phishing attempts.

    Keep your IT simple and effective.

    Contact us for more details.

     

    Massive Phishing Onslaught Targets Facebook Messenger Business Users – Stop Relying on Detection, Start Isolating

    October 12, 2023

    Target: IT Professionals

    Tags: Malware, Phishing, Zero-Trust, Isolation

    Cybercriminals have tapped into a vast network of fabricated and breached Facebook profiles, unleashing millions of deceptive Messenger messages aimed at Facebook business accounts, embedding password-theft malware [1].

    The malefactors craftily deceive the recipients into downloading an archive (either in RAR or ZIP format), which includes a downloader for a cunning Python-based program designed to
    extract stored cookies and passwords from the user’s browser.

    The initial approach these criminals take is to send deceptive Messenger messages to business accounts on Facebook. These messages masquerade as copyright infringement notifications
    or product information inquiries. An attached archive, when executed, retrieves a malware installer from GitHub repositories, cleverly bypassing detection mechanisms and leaving minimal footprints.

    This attached archive not only delivers the payload (termed project.py) but also procures a standalone Python environment essential for the malware’s information theft activities.
    For sustained malicious activity, it ensures the malware launches during system startup.

    With a sophisticated design, the project.py file is layered with five stages of obfuscation, making it especially tricky for anti-virus systems to identify and neutralize the threat.

    Guardio Labs has shed light on the staggering magnitude of this campaign, noting its vast reach. Their analysis reveals that 7% of all business accounts on Facebook have been in the
    crosshairs, with about 0.4% succumbing to the temptation and downloading the malevolent archive.

    However, it is important to note that for the malware to spring into action, users must execute the batch file. The exact count of compromised accounts remains a mystery, but given
    the scale, it is conceivable the numbers are substantial.

    What can we do?

    The answer is rooted not in detecting the new attack variation but in its prevention. This is why we created BUFFERZONE® Safe Workspace™.

    BUFFERZONE Safe Workspace™ is a comprehensive defense suite anchored in application isolation technology. This arsenal features the Safe Browser, SafeBridge® (boasting Content Disarm and Reconstruction functions), Safe Mail, and Safe Removable (geared towards thwarting USB-based attacks), all fortified with clipboard security. At its core, the Safe Workspace™ deploys a virtual container constructed by a kernel driver. This container bifurcates the operating system into dual logical realms:

    Trusted Zone: A non-isolated region connected to the organization’s resources.

    Untrusted Zone: Serving as a protective buffer, this zone enables various applications to operate in isolation, cordoned off from the memory, files, registry, and processes of the trusted zone.

    Safe Workspace™ is a reliable solution that allows users to access USB (Universal Serial Bus) files, email attachments, and downloaded content. It provides a protective virtual container that isolates potential threats from the broader environment, ensuring that malware cannot reach or compromise sensitive organizational data. The virtual container is periodically deleted and rebuilt; detection engines can scrutinize it for added security. By containing potential threats in isolation, BUFFERZONE prevents malicious entities from proliferating within an organization.

    By isolating the browser, all downloaded files are contained, the extracted files are not authorized to run, and the evasive attack will fail. BUFFERZONE® lets third-party detection tools scan the isolated virtual container. If part of the attack is detected, the file can be quarantined and the environment can be cleaned in a few seconds.

     

    References 

    [1] Bill Toulas, Facebook Messenger phishing wave targets 100K business accounts per week  

    https://www.bleepingcomputer.com/news/security/facebook-messenger-phishing-wave-targets-100k-business-accounts-per-week/