Phishers are always looking for a better brand to spoof and improve their success rates. They’re quick to switch out brands to keep their bait fresh, too. Keeping the tally of their favorites in a given period may afford insights into attack trends, but the better protection may be in identifying how they pick their favs to predict which brands they’ll likely target next. Armed with this data, predictive analytics may become the next top defensive maneuver against phishing attacks.
In the second quarter of this year, Microsoft Office 365 bumped Facebook off the top of the heap as the favorite brand to spoof, according to Vade Secure’s data. Spoofed Microsoft emails saw a 57 percent uptick in phishing URLs for the quarter. “As Microsoft continues to dominate the cloud market, it is becoming an even bigger target for corporate phishing attacks, but consumers should still be worried as well,” according to Vade Secure.
PayPal came in a distant second, with a 16 percent increase in phishing URLs, while Facebook dropped all the way to third after a 54 percent plummet in phishing URLs. Vade Secure credits Facebook’s recent aggressive security measures in the wake of the Cambridge Analytica scandal and international pressure to reduce fake news and fake accounts for the sudden drop in phishing URLs.
Attackers generally follow the money so it’s no surprise that seven companies in the financial services sector were in the Top 25 phishing targets. Bank of America saw the largest rise (135 percent increase) in phishing URLs. PayPal, Wells Fargo and Credit Agricole saw a slight rise, while Banque Populaire, Chase and USAA saw double-digit drops in phisher popularity.
The next highest-ranking industry was the cloud, with six such companies making the Top 25. Next was e-commerce/logistics (five companies), followed by internet/telco (four companies) and social media (three companies).
However, “the cloud dominated other sectors, representing 50% of total phishing URLs, followed by financial services (26%), social media (11%), e-commerce/logistics (8%), and internet/telco (5%),” according to Vade Secure’s data.
Microsoft and Netflix were both significant targets, with a 21 percent increase in phishing URLs aimed at the cloud industry. The big surprise was the three major cloud companies that saw double-digit declines—Google, Dropbox and DocuSign. Vade Secure found no definite reason for their sudden loss of appeal to attackers, noting in the case of Google, it could be an increase in efforts to guard Gmail accounts or the drop in corporate market share. The company didn’t hazard a guess at the reasoning behind the declines for Dropbox and DocuSign.
Predictive Analytics to the Defense
Vade Secure is a predictive email defense company. It uses a combination of AI, heuristic and behavioral analysis, along with data gleaned from millions of other mailboxes it protects, to predict and prevent email attacks. Using predictive analytics as part of the protective arsenal makes a lot of sense, which is why you’ll see an increasing number of vendors doing so.
However, security professionals stand to realize a significant gain in defensive posture if they deploy internal predictive analytics along with niche protective products for email and other communications. For example, by building a model using identifying inputs unique to employees and internal work patterns, predictive analytics can identify, predict and prevent both known and unknown threats much faster.
Think of it as a variation on the approach Vade Secure and other niche players are taking. They use multiple data sources and high volumes of data to train the AI. They also use more and varied inputs as points of comparison and detection in their models. If security professionals do the same by adding more internal data relevant to identifying or validating the source of communications, then predictive analytics becomes a serious obstacle to attackers. It can even be used to automatically determine and deploy a preventative defense before an attack occurs.
Look for more advances in AI, deep learning, machine learning and predictive analytics on the security front. In many use cases, they’ll be effectively layered and tied to automation for immediate responsive measures.
Just remember the bad guys have these same tools, too. Eventually you’ll be training AI for machine-to-machine combat. But then as is now, whoever has the most data and the best-devised models will win.
Always look to see how best to leverage the data you have and all the additional data you can find. Release the AI machines everywhere you can, aimed at “predicting and preventing.” If it looks like war games, that’s because it largely is.