Attack Spotlight provides infosec professionals with free, actionable content designed to arm end users against the most relevant real-world phishing attacks and lures being seen in the wild.
Trending Threat: Fake Browser Updates
Awareness Materials Based on Threat Intelligence
The Proofpoint global intelligence platform analyzes billions of data points a day to deliver unmatched visibility into attack patterns and methods. This fall, we saw a dramatic rise in otherwise trustworthy websites compromised with SocGholish (also known as “FakeUpdates”) HTML injects.
These injections enable attackers to display malicious, fake browser update windows. These attacks are notable because they reflect the user’s environment. Displayed content matches the user’s browser and, in some cases, is geotargeted.
When downloaded, the script fingerprints the system and (if the user’s geolocation is targeted) executes the next-stage malware, delivering specific malware based on the presence or absence of Active Directory. Recent highly publicized Bitpaymer infections were also associated with SocGholish activity.
Compromised Industry Sites Pose a Challenge
Threat actors have been opportunistically targeting vulnerable content management systems, including WordPress and Drupal. However, many of the compromised sites contain industry-specific content. Because website operators are unaware of the compromise, they can unwittingly subject partners and customers to the fake browser updates by inviting them to view content on their site.
Though any organization’s users could encounter compromised websites, we have seen frequent exposure to SocGholish in the following industries:
- Financial investing
Free Security Awareness Resources Now Available
These fake updates (and other malicious pop-ups) can look realistic and credible. It’s critical that users be made aware of this type of threat, especially since it’s a method that attackers come back to again and again. Share our Attack Spotlight awareness materials to get your users up to speed.