Phishers Add VM Detection to Evade Cyber Defenses

A virtual machine is, in essence, a computer inside a computer. Virtual machines act just like real computers, with the major difference that they exist purely in the virtual world of software. They’re not physical computers in their own right in the sense that you can put one on your desk. Nonetheless, they’re crucially important because they provide an exact simulation of a particular computer system, sandboxed from the rest of the system, that can be used for scenarios like testing out beta versions of software, running software and applications not designed for the host operating system, accessing virus-infected data, and more.

One of the many scenarios in which a virtual machine is used is when a cybersecurity company wants to determine whether a website is being used for phishing. Like phishing emails that try to trick recipients into clicking a malicious link or entering confidential details, a phishing website attempts to fool visitors into thinking that they are using a legitimate site. While these websites can appear to be genuine, they are in fact designed to steal personal and financial data by persuading users to enter personal information.

Attackers are getting smarter

Cybersecurity firms use virtual machines to check the validity of websites, since virtual machines are isolated from the rest of the system. This reduces the potential negative impact of any malware or cyberattacks that could result.

But phishers are evolving their strategies accordingly. To bypass detection, some phishers now use a JavaScript kit that checks whether the visiting browser is running on a virtual machine. The kit uses the WebGL API to determine the rendering engine used by the browser visiting the site. If it finds a software renderer, such as SwiftShader or VirtualBox, with a color depth of less than 24-bit or a screen height under 100 pixels, conditions associated with the use of a virtual machine, the webpage is shown as blank rather than showing the phishing page that would ordinarily appear.

The exploit appears to be based on a 2019 article about using JavaScript to recognize virtual machines, posted by a vulnerability researcher.
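For analysts, the practical consequence is that a sandbox exposing any of these tells may be served a blank page and record a false negative. The following is an added example, not code from the article or from the kit it describes: a self-audit to run in the analysis browser that reports which of the listed conditions the environment exposes. Each tell is reported independently because the article's wording leaves their combination ambiguous; the function names and sample fingerprints are constructed for illustration.

```javascript
// Added example (not from the article): audit an analysis browser for the
// VM tells the article lists, so a sandbox can be fixed before use.
// Renderer names come from the article; the list is not exhaustive.
const SOFTWARE_RENDERERS = ["swiftshader", "virtualbox"];

// Read the three values from a live browser; returns null outside a browser.
function collectFingerprint() {
  if (typeof document === "undefined" || typeof screen === "undefined") {
    return null;
  }
  let renderer = null;
  const gl = document.createElement("canvas").getContext("webgl");
  if (gl) {
    // The unmasked string names the real renderer when the extension exists.
    const ext = gl.getExtension("WEBGL_debug_renderer_info");
    renderer = ext
      ? gl.getParameter(ext.UNMASKED_RENDERER_WEBGL)
      : gl.getParameter(gl.RENDERER);
  }
  return { renderer, colorDepth: screen.colorDepth, screenHeight: screen.height };
}

// Pure check: returns one finding per tell the environment exposes.
function auditFingerprint(fp) {
  const findings = [];
  const renderer = String(fp.renderer || "").toLowerCase();
  const hit = SOFTWARE_RENDERERS.find((name) => renderer.includes(name));
  if (hit) {
    findings.push({ id: "software-renderer", detail: `renderer matches "${hit}"` });
  }
  if (Number(fp.colorDepth) < 24) {
    findings.push({ id: "low-color-depth", detail: `${fp.colorDepth}-bit, below 24` });
  }
  if (Number(fp.screenHeight) < 100) {
    findings.push({ id: "small-screen", detail: `height ${fp.screenHeight}px, under 100` });
  }
  return findings;
}

// Constructed sample fingerprints (not captured from real systems).
const SAMPLE_SANDBOX = { renderer: "Google SwiftShader", colorDepth: 16, screenHeight: 600 };
const SAMPLE_DESKTOP = { renderer: "Example GPU 1000", colorDepth: 24, screenHeight: 1080 };

const live = collectFingerprint();
if (live) console.log(auditFingerprint(live));
```

An empty result means none of the conditions listed in the article were found; it does not rule out other fingerprinting signals.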

The effects of phishing attacks on businesses

The effects of phishing attacks can be extremely damaging to targets. For an individual user, phishing could mean financial loss, such as the theft of credit or debit card details, which the attacker could then use to make purchases. While financial institutions protect their customers from fraud, detecting these transactions and claiming the money back can be a stressful, time-consuming process. Stolen login details, including passwords, could also allow hackers to access private information.

For businesses, the effects of such attacks can be catastrophic. This is particularly the case when phishing attacks lead to data breaches. These can result in extreme reputational damage, with the company’s name plastered across the media alongside phrases like “admit they lost 9 million customers’ data” or “targeted by hackers in large scale data breach.” This can make current and prospective customers extremely wary about using the company again, resulting in a loss of custom and company valuation.

It can also invite regulatory fines, such as the approximately $27.5 million fine leveled at British Airways in October 2020 for a 2018 data breach in which upward of 400,000 customers’ personal details were exposed by criminals. Finally, breaches can impact the present running of the company. A phishing attack can be extremely disruptive to those who are targeted. They can leave staff unable to get their work done, customers unable to access critical online services, and assets or other crucial data damaged, destroyed, or stolen.

Protecting against advanced phishing attacks

Protecting against advanced phishing attacks is crucial. In-depth defenses need to be implemented. Educating employees and yourself about the threat of phishing attacks is an important step to take as well. 

But social engineering attacks – such as phishing – rely on human error. To add additional protections, consider deploying multi-factor authentication on your website or computer system. This means that users must be able to prove their identity with two or more pieces of authentication evidence. As a result, even if a password or other login details are stolen, they alone will not be enough to grant access. Web Application Firewalls (WAFs) can also be deployed to block malicious network access. For example, they can block, and warn administrators about, attacks such as malware injection or reflected XSS attacks that may come from phishing.

Phishing attacks can be extremely nasty. Those who instigate them are also getting smarter when it comes to making them harder to spot. But by employing the right measures users can protect themselves against them. Doing so should be a priority for any business or organization today.
