BLOG

Just as physical isolation helps keep us virus free in the age of COVID-19, browser isolation does the same thing for your laptop or mobile device. The basics of the technology are that another computer is placed between you and the big bad Internet. That other machine spins up in a cloud and does the risky browsing for you. Your device receives a sanitized version of the web, free from any threats that may be hiding on otherwise trusted sites. Browser isolation provides a “zero trust” approach to web browsing.

If you think the little green lock of https equals security, think again. The bad news is that the bad guys use encryption too. Many people mistakenly assume that as long as an SSL certificate is present, they’re safe from attack, but that couldn’t be further from the truth. From Reductor to Godlua and numerous other variants, it has become all too clear that new types of malware are being secreted behind a symbol that was once seen as secure.

In my last blog post, I made the case that increasing workforce mobility and enterprise cloud adoption will disrupt traditional cybersecurity stacks in 2020. I argued that organizations that didn’t take these macro trends into account and radically rethink their cybersecurity strategies were putting their users, systems, and data at risk.

Menlo Security has detected a sophisticated, multi-stage attack leveraging the current COVID-19 pandemic. Our data has shown that COVID-19–based attacks are much more successful than typical phishing attacks. The global pandemic is literally a life-or-death situation that is changing constantly, and people are trying to stay up to date with the latest developments. Cybercriminals have noticed and are adapting their attack techniques to take advantage of the heightened level of global anxiety.

There’s no doubt that the web is now the most important business tool for users. Critical systems such as ERP, CRM, collaboration and communication platforms, customer-facing apps, and other business tools that were once on-prem are moving to the cloud. Users can log on from anywhere and access all the information they need to conduct business on a daily basis.

The World Health Organization (WHO) raised the global risk of COVID-19 to a pandemic on Friday, March 11, signaling that things are likely to get worse before they get better. High-profile events around the world have been cancelled, and the status of the 2020 Summer Olympics in Tokyo is reportedly in limbo.

At Menlo, we believe that providing security without compromise is second only to our customer’s and employee's personal safety and health. So I wanted to share details about our commitment to maintaining service continuity.

Introducing cloud-based data loss prevention with Menlo Security

Safeguarding Internet access is a significant problem for most businesses. In a recent Verizon Study, 6.2 percent of all data breaches result from browser-based attacks. These attacks, including watering-hole and drive-by downloads, can be costly and might lead to massive damage to an organization’s reputation.

It’s easy to feel helpless as Covid-19 continues to spread throughout Asia and the rest of the world. Health professionals are urging people to avoid crowds and public spaces, forcing many workplaces—from factories to office buildings—to shut down. But business must continue. An economic downturn caused by the epidemic would only make things worse, preventing people from getting the help and resources they need while exacerbating impacts from the disease.

Bad actors never rest

Creating legitimate-looking fake communications from Google or Microsoft is easy and inexpensive. Novice attackers with little or no coding experience can purchase phishing packs on the dark web that they can customize and then send emails to specific targets based on social engineering intelligence. Free and compromised accounts can also be used as an attack vector , hosting documents that contain malware or links to fake web forms or other malicious sites.