Month: August 2023

Cybercriminals Turn to Web Browsing to Deliver Ransomware

Ransomware attacks have increased significantly in 2023 and the file encrypting malware is now used in around 20% of cyberattacks. Ransomware is used to encrypt business-critical files to prevent access, and a ransom demand is issued for the keys to decrypt the files. Most ransomware gangs also steal sensitive data before encrypting files and use double extortion tactics, where the ransom must be paid to recover data and prevent the stolen data from being leaked online or sold to other cybercriminals.

Ransomware gangs use a variety of methods for initial access to networks. Known vulnerabilities in software solutions are exploited, phishing is used to obtain credentials and for delivering malware downloaders, and ransomware is often delivered via the Internet. According to Palo Alto Networks, email attachments were the most common method used for initial access in 2021 and, while still popular with many ransomware gangs, in 2022 web browsing was the most common ransomware delivery method. In 2022, email attachments were used as the delivery method in 12% of ransomware attacks; however, web browsing was the initial access vector in 76.5% of attacks.

Ransomware gangs compromise websites and use them to host their ransomware binaries, and traffic is then sent to those malicious sites using a variety of methods. Links may be sent in emails and SMS messages, with social engineering techniques used to trick individuals into clicking the links. Malicious adverts are often used – termed malvertising – to direct traffic to malicious sites. Many website operators have third-party adverts on their sites to increase revenue, and threat actors are able to sneak their malicious adverts in and display them on high-traffic websites. There have also been many cases of malicious adverts being displayed through Google Ads. Search engine poisoning is also used, where malicious web pages are created and search engine optimization (SEO) tactics are used to get the web pages to appear high in the search engine listings for specific search terms, often those likely to be used by businesses.

While most businesses have email security solutions in place to protect against phishing emails and block malicious attachments, they do not have adequate protection against these web-based attacks. Since web browsing is now such a common method of ransomware delivery, businesses need to ensure they are protected. The most effective way of blocking web-based ransomware delivery is to use a web filtering solution such as WebTitan Cloud. A web filter allows businesses to control Internet access by employees and prevent downloads of malicious files.

WebTitan Cloud is a 100% cloud-delivered web filtering solution that can be implemented in just a few minutes. Through the web-based interface, businesses can configure category-based filters to prevent employees from visiting categories of websites that serve no work purpose and are commonly used to deliver malware, such as peer-to-peer file-sharing sites. WebTitan can be configured to block certain file downloads from the internet, such as executable files. This allows businesses to block malware and address the issue of shadow IT – unauthorized software downloaded from the Internet by employees. These unauthorized software downloads are a major security risk.

WebTitan is constantly updated with the latest threat intelligence. As soon as a malicious web page is detected, it is added to the WebTitan blacklist and users will be prevented from visiting that site. Any attempt to visit a blocked site will see the user directed to a local block page, ensuring threats are never encountered. If your business does not currently filter the Internet, give the TitanHQ team a call to find out more about WebTitan. WebTitan is available on a free trial so you can test the solution and see the difference it makes. Product demonstrations can also be arranged on request.

Cybercriminals Targeting Consumers with Fake Blockbuster Movie Downloads

Cybercriminals are targeting consumers looking to watch some of the big summer blockbusters such as Barbie, Oppenheimer, Super Mario Bros, and Guardians of the Galaxy: Vol. 3 and have been distributing links to download sites on social media networks such as Twitter. These links are not what they seem, however. Rather than getting an illegal copy of a movie to watch at home, the links direct people to phishing sites where they are required to enter sensitive data or to sites hosting malware.

It is no surprise that cybercriminals have jumped on the Barbieheimer bandwagon given the huge popularity of the films, and with less money available to spend on luxuries like cinema trips due to the current cost of living crisis, many people will attempt to download the films illegally.

According to NordVPN, Guardians of the Galaxy: Vol. 3 is the riskiest download with 38 concerns raised, including 19 malicious links, 13 phishing warnings, and 6 malware concerns. The second riskiest film was the Super Mario Bros. movie with 23 concerns, including 15 malicious links. Barbie, Indiana Jones and the Dial of Destiny, and other popular summer blockbusters were also being offered in an attempt to distribute malware. Researchers at Reason Labs report similar findings, with links to the new Super Mario Bros movie found to lead to a variety of malware downloads. 150,000 of its customers report that they were targeted with malware.

Malicious files may be relatively easy to identify. Rather than a video file, the downloaded file is an executable file such as a .exe file; however, malicious files may be hidden. Double extensions are often used, and since Windows hides known extensions, the true nature of the downloaded file may not be obvious. While cybercriminals are targeting consumers, businesses are also at risk. Many employees attempt to download pirated material at work and risk infecting their work devices with malware.
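The double-extension problem described above can be checked for in download logs. The following is an added example, not code from TitanHQ or WebTitan: it compares the name Windows shows when known extensions are hidden with the real file type, and it also handles whitespace padding before the final extension, which goes slightly beyond the case in the text. The extension lists and sample file names are constructed for illustration.

```python
# Extensions Windows runs directly or hands to a script host (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".js", ".vbs", ".pif"}
# Extensions a user expects on a movie or document download (illustrative).
DECOY_EXTS = {".mp4", ".mkv", ".avi", ".mov", ".pdf", ".docx", ".jpg", ".txt"}


def inspect_download(path):
    """Report how a downloaded file is displayed versus what it really is."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].strip()
    # Normalise each dot-separated part so padding such as "mp4     .exe" cannot hide it.
    exts = ["." + part.strip().lower() for part in name.split(".")[1:] if part.strip()]
    final = exts[-1] if exts else ""
    previous = exts[-2] if len(exts) > 1 else ""
    executable = final in EXECUTABLE_EXTS
    # With "hide extensions for known file types" on, only the last extension is dropped.
    known = final in EXECUTABLE_EXTS or final in DECOY_EXTS
    shown_as = name.rsplit(".", 1)[0].rstrip() if known else name
    return {
        "file": name,
        "shown_as": shown_as,
        "executable": executable,
        "disguised": executable and previous in DECOY_EXTS,
    }


def flag_downloads(paths):
    """Return the names of files that are executables posing as media or documents."""
    return [r["file"] for r in map(inspect_download, paths) if r["disguised"]]


# Constructed sample of download-log entries (not taken from any real incident).
SAMPLE_DOWNLOADS = [
    r"C:\Users\alice\Downloads\Barbie.2023.mkv",
    r"C:\Users\alice\Downloads\Oppenheimer.2023.1080p.mp4.exe",
    r"C:\Users\bob\Downloads\Guardians.Vol3.mp4        .scr",
    r"C:\Users\bob\Downloads\setup.exe",
]

if __name__ == "__main__":
    for entry in SAMPLE_DOWNLOADS:
        print(inspect_download(entry))
    print("Flagged:", flag_downloads(SAMPLE_DOWNLOADS))
```

A plain installer such as setup.exe is reported as executable but not disguised, so the check separates ordinary software downloads from files named to look like video.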

One easy-to-implement solution to protect against malware downloads from the Internet is a web filter. WebTitan is an easy-to-implement web filtering solution for businesses that can be used to carefully control the web pages that users can access, whether they are in the office or using work devices remotely.

Businesses can filter the Internet by category and block sites commonly used by cybercriminals for malware distribution – warez sites, torrents, etc – and known malicious websites where malware has been detected. The web filter can also be configured to block certain file downloads from the Internet such as executable files. Logs are maintained of all Internet access to allow employers to see the sites that users are attempting to access, allowing them to take action when employees are engaging in risky behaviors.

Malware is commonly distributed via the Internet and businesses that fail to implement controls are at risk. If you want to improve your defenses against malware, give the TitanHQ team a call and ask about WebTitan. The solution is available on a free trial to allow you to test the product in your own environment before making a decision about a purchase, and product demonstrations can be arranged on request.