By Eyal Benishti
The origins of fraud date back to the ancient Greek and Roman empires, when savvy merchants cooked up schemes to borrow money from lenders only to avoid paying back their debts. Fast-forward thousands of years and fraud is as prevalent as ever. Today enabled by technology, phishing is the most commonly used deception strategy. Despite advances in phishing prevention, criminals regularly send successful phishing emails as a means to impersonate a trusted source and entice a victim to give up some sort of sensitive information. Email phishing has been the primary attack vector used on some of the most devastating cyberattacks to date such as Anthem, Home Depot and Sony Pictures.
While hackers have been phishing on the web for nearly two decades, they’re now using more sophisticated strategies, tools and techniques to achieve their objectives. In fact, modern phishing scams can be so sophisticated that even the most phishing vigilant people routinely fall victim. Criminals are also directly targeting businesses and starting to use artificial intelligence to find vulnerabilities. And with a growing infrastructure of black market tools and how-to guides, nearly anyone can now create a complex phishing campaign.
The Phishing Timeline and the Search for Sensitive Information
Phishing can be traced back to the early 1990s when a group of hackers created an algorithm to generate random credit card numbers to create phony AOL accounts. They eventually moved on to masquerading as AOL employees, messaging people for their private information. When AOL caught on in 1996, it used the term “phishing” when warning its members about the phone messages.
The early days of phishing represented a ‘Wild West’ type environment where lone criminals tried and tested new techniques. InfoSec Institute reports that most schemes were poorly designed, had grammatical errors and were easy to spot. But by 2003, cyber criminals started registering phony domains that were strikingly similar to those used by popular companies. That year, criminals sent phony PayPal messages to spread the Mimail virus, causing more than $9 billion in economic damages around the globe.
Since then, criminals have continuously worked to refine their strategies. Luckily for them, the advent of social media made it easier to gather a plethora of personal information that could be used to create authentic-looking messages. Due to overwhelming success, these “social engineering” and “spear-phishing” strategies have grown significantly in recent years, and according to Verizon’s Data Breach Digest, 90 percent of all data breaches are now enabled by such tactics.
More Intelligent and Targeted Phishing Attacks
Phishing attacks of the past were usually poorly-designed and a numbers game that hit as many people as possible with the hopes that a few would bite. Nowadays, attacks are more targeted, designed to avoid detection and increasingly sophisticated.
Here are the five ways phishing attacks have evolved into complex threats.
- They individually target businesses – Many hackers now hand-pick individual businesses to target. Business Email Compromise (BEC) attacks reached record levels in 2017, and according to the FBI, have resulted in more than $5.3 billion in losses since 2015. In these attacks, the criminal will often pose as a company executive with a highly-targeted email to an employee, asking for information. Using domain spoofing they send a message that looks as real as any coming from the sender. They might ask the person to fill out a new service agreement for a vendor, complete a tax form, contract, or visit a spoof website to create an account or request money be sent via wire transfer.
- They are undetectable to signature-based security models – Many of these attacks are now designed to evade signature-based gateway detection, making it harder than ever for technology alone to identify these scams. The Webroot 2016 Threat Brief found that there has been a strong surge in recent years of polymphirc malware with 97% of it unique to a specific endpoint device.
- Criminals are creating better websites – Criminals are creating more phishing sites, and they’re becoming harder than ever to identify. An article at HelpNetSecurity revealed that some of these sites have lifespans of as little as an hour to avoid detection by web crawlers. And they often tend to mimic trusted companies like Google, Chase, Dropbox, PayPal, Facebook and Apple.
- Almost anyone can now perpetrate a phishing attack – It used to take a little technical savvy and knowledge to pull off phishing schemes. But cloud-based PaaS (phishing-as-a-service) solutions on the black market now make it possible for anyone to join in the game. A report by Imperva documents how potential scammers now have a whole infrastructure of tools at their disposal. Beginners can buy lists of compromised servers, templates of phishing scams and even guides on how to get started in the practice.
- Criminals are starting to use AI and machine learning to optimize attacks – Hackers are also starting to use machine learning and artificial intelligence to better identify target patterns and evade detection. Steve Grobman, chief technology officer at McAfee, told CSO Online that while these technologies will be cornerstones of tomorrow’s cyber efforts, “adversaries are working just as furiously to implement and innovate around them.” Artificial intelligence may help create malware that can better avoid detection and even scan for vulnerabilities and automate attacks.
The IRONSCALES Platform: Prevent, Detect and Respond to Modern Phishing Attacks
The IRONSCALES platform is designed for pre-and-post email delivery, always assuming that emails will pass through the prevention layer and find its way into the mailbox. The platform consists of four modules that work in tandem to prevent, detect and remediate email phishing at all phases of an attack’s lifecycle. The platform utilizes mailbox-level anomaly detection to analyze employees’ mailbox behavior to protect against hyper-targeted phishing attacks both before and after each bypasses’ gateway level solutions and lands in an inbox.
Our multi-layered and automated approach to prevent, detect and respond to phishing emails combines micro-learning phishing simulation and awareness training (IronSchool), with advanced mailbox-level anomaly detection (IronSights), automated incident response (IronTraps) and real-time automated actionable intelligence sharing (Federation) technologies. By providing protection at every stage of an email phishing attack, IRONSCALES’ customers reduce the time from email phishing attack discovery to enterprise-wide remediation from days, weeks or months to just seconds, with little to no security team involvement.
(From IRONSCALES blog).