In today’s world, most external cyberattacks start with phishing. For attackers, it’s almost a no-brainer: phishing is cheap and humans are fallible, even after going through anti-phishing training.
Patrick Harr, CEO at SlashNext, says that while security awareness training is an important aspect of a multi-layered defense strategy, simulating attacks during computer-based training sessions is not an effective way to learn, because people don’t necessarily retain the information.
“Working from home, where there are more distractions, makes it even less likely that people really pay attention to these trainings. That’s why it’s not uncommon to see the same people who tune out training falling for scams again and again,” he noted.
That’s why defenders must preempt attacks, he says, and reinforce a lesson during a live attack. When something gets through and someone clicks on a malicious URL, defenders must be able to simultaneously block the attack and show the victim what the phisher was attempting to do.
Latest phishing trends
Harr, who has over 20 years of experience as a senior executive and GM at industry leading security and storage companies and as a serial entrepreneur and CEO at multiple successful start-ups, is now leading SlashNext, a cybersecurity startup that uses AI to predict and protect enterprise users from phishing threats.
He says that most CISOs assume phishing is a corporate email problem and their current line of defense is adequate, but they are wrong.
“We are detecting 21,000 new phishing attacks a day, many of which have moved beyond corporate email and simple credential stealing. These attacks can easily evade email phishing defenses that rely on static, reputation-based detection. That’s why we typically see 80-90% of attacks evading conventional lines of defense to compromise the network,” he told Help Net Security.
“Magnify this by 150,000 new zero-hour phishing threats a week, almost double the number of threats versus a year ago, and we can safely say, ‘Houston we have a problem!’”
They are seeing:
- More text-based phishing, with no actual links, across SMS, gaming, search services, ad networks, and collaboration platforms like Zoom, Teams, Box, Dropbox, and Slack, as well as attacks on mobile devices
- A proliferation of phishing payloads beyond credential stealing scams which have been around for ages
- An increase in scareware, where phishers attempt to scare people into taking an action, such as sharing an email
- Rogue software attacks embedded in browser extensions and social engineering schemes like the massive Twitter bitcoin scam that happened in July
“Finally, we’re seeing cybercriminals trying out innovative ways to evade detection. For example, bad actors may register a domain that lays dormant for months before going live,” he added, and noted that they’ve witnessed a 3,000% increase in the number of phishing attacks since everyone began working and learning from home, and they expect this growth trend will continue.
Advice for CISOs
His main advice to CISOs is not to be complacent and to be diligent: near term, mid-term, and long term.
“You’ve got to take a comprehensive, multi-layer phishing defense approach outside the firewall, where your biggest user population is working remotely, and inside the firewall for your internal users. You need to protect mobile devices and PC/Mac endpoints, with end-to-end encryption (E2EE) deployed,” he opined.
“You also have to be mindful of corporate users’ personal side as their personal and business lives have converged, and many people use the same devices and same credentials across personal and business accounts.
Thirdly, this type of attacks need to be prevented from happening. “Use AI-enabled defenses to fight AI-enabled attacks. Fight machines with machines and adopt a preemptive security posture.”
Finally: some attacks inevitably breach all defenses and they must be prepared to quickly detect and respond to attack, and perform the necessary cleanup.
SlashNext announced the on-device AI mobile phishing defense for iOS and Android with natural language and link-based detection to protect users from the exponential increase in mobile-based SMS phishing (‘SMishing’) attacks.
Now SlashNext, customers and partners can benefit from the industry’s fastest and most accurate, 2.0 mobile AI phishing defense, protecting users from all forms of phishing across all their communication channels – SMS, email, social networking, gaming, collaboration and search – without compromising user privacy or performance.
In addition, telecom carriers can now offer a complete SMS phishing defense service to protect their subscribers from the onslaught of SMishing attacks.
“Bad actors know that SMS is one of the most popular ways to communicate in the new remote working and learning world,” said Patrick Harr, CEO of SlashNext.
“Our mobile app now brings the power of on device AI and natural language processing to protect against text-based SMishing attacks in addition to link-based and the significant damage that can arise. This is a perfect service for consumers, carriers and businesses alike.”
Moving from 1.0 human defense to 2.0 AI phishing defense
Today’s threat actors are leveraging new AI phishing methods, while most phishing detection services use legacy, 1.0 tactics like domain reputation, URL inspection, and human forensics to detect phishing attacks.
Organizations must start looking at next-generation, 2.0 phishing defense methods that utilize AI and dynamic analysis to detect threats. SlashNext exclusively focuses on 2.0 AI phishing defense by inspecting billions of URLs at cloud scale with virtual browsers that overcome sophisticated evasion techniques.
By leveraging natural language processing, computer vision, and behavioral analysis, SlashNext detects and blocks threats hours and sometimes days before vendors using 1.0 phishing techniques.
SlashNext Mobile AI Phishing Defense
SlashNext Mobile AI Phishing Defense offers anywhere, anytime, zero-hour protection against the broadest range of phishing threats with lightweight, cloud-powered apps for iOS and Android devices. A simple, intuitive user experience blocks threats, alerts users with a warning page and offers a safe preview with information about the threat.
Additional key features and benefits:
- Broadest range of protection: Protects against attacks on corporate and personal email, SMS, social media, messaging, and collaboration platforms by detecting credential stealing, rogue browser extensions, and more.
- Lightweight app: Negligible impact on battery consumption and device performance.
- No personal identifiable information (PII) or privacy risks: No network traffic or personally identifiable information leaves the device, so PII and user privacy remain secure.
- Real-time training: Simultaneously detects, blocks, and educates at the point of click to reinforce training and remind users about real threats.
- Easy deployment and management: Easily deployed and managed with leading UEM and Single Sign-On (SSO) solutions or SlashNext’s Endpoint Management System for complete, real-time visibility to phishing attacks across the user base.
Phishing database with unparalleled detection and predictive protection
The SlashNext AI phishing detection cloud with patented SEER technology, has the industry’s largest phishing database, delivering 99.07% accuracy and one in one million false positives.
SlashNext inspects billions of internet transactions and millions of suspicious URLs daily using virtual browsers to detect zero-hour phishing attacks across all communication channels– email, SMS, collaboration, messaging, social networking, and search services – up to 30 days before they are live.
So, when phishing campaigns launch, the threats are already blocked by SlashNext, and users are protected immediately.
AI Phishing Defense for PCs and MACs
The same level of phishing protection is also available with SlashNext Browser Phishing Protection.
Deployed as lightweight browser extensions for all popular desktop browsers (Chrome, Firefox, Safari, and Edge), it can be managed via leading UEM solutions or leading SSO solutions for simple user provisioning and management.