SBN

GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’

Phishing itself is not a new or a particularly complicated threat. But the emergence of  advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises.

Related: Deploying human sensors

Phishing comes with a simple premise – lure someone to interact with a malicious link, file, or credentials-input, disguised as a legitimate email or website.

The financial impact of phishing attacks quadrupled over the past six years, with the average cost for U.S. companies rising to $14.8 million in 2021, compared with $3.8 million in 2015.

Despite increased public awareness of cybersecurity risks and safe browsing practices, the impact of phishing has increased exponentially – IBM’s 2021 Cost of Data Breach Report found phishing to be the second most expensive attack vector for enterprises.

Novel tactics

This is so, in part, because growing awareness has pushed hackers to create even more sophisticated means to plunder log-in information, or to lure employees to click on a malware-infected link – AKA next-gen, or “DeepSea” phishing.

These attacks use novel and rarely seen phishing techniques, often employing several layers of deception in parallel. Take this recent phishing attempt, which was identified by Perception Point’s Incident Response team: hackers first used an irregular URL structure to evade standard email threat detection systems, and sent users through a very convincing but fake two-factor authentication.

Because web browsers consider these malicious links to be URLs, they are opened automatically, compelling email recipients to unwittingly enter suspicious websites. In one of the cases, a malicious URL led to a fake Microsoft log-in page, almost indistinguishable from the original – but for the deployment of next-gen detection techniques.

“Spear phishing,” represents another example of DeepSea methodology, whereby malicious actors “scrape” personal information (primarily from social media) about their targets to make each phishing attempt more personalized and seem more legitimate.

Current solutions

Enterprise cybersecurity traditionally prevents such attacks in two ways: staff education, giving employees the tools they need to recognize and report suspicious emails that land in their inboxes; along with cybersecurity solutions, which prevent malicious emails from reaching inboxes in the first place.

Aminov

Unfortunately, the former category is becoming less and less effective as phishing becomes more and more sophisticated, with email clones looking increasingly indistinguishable from the real thing. Regarding the latter, cybersecurity solutions that were once industry standard are often unable to keep up with the rapidly changing threat landscape. This is in part due to the increased accessibility of phishing tools, with phishing kits even available to purchase by non-coder and amateur phishermen.

Advanced solutions

Emerging cybersecurity tools can be built with enterprise digitization and growing cloud-adoption in mind, as opposed to legacy solutions that are slow and frustratingly inflexible. These more traditional solutions are generally not cloud-native, and even if they have been refashioned to work in a cloud environment, the alterations often come with major drawbacks.

The heightened agility of emerging tech can better keep up with the rapidly evolving threat landscape, deploying techniques such as:

•Image recognition and natural language processing. These techniques can identify impersonation techniques or phishing attacks.

•Cloud native design. Advanced defensive algorithms are more dynamic, scalable, and primed for automation).

No-code services. These are easily adaptable packages of pre-written code which save R&D specialists time creating threat responses, allowing them to focus more on creative, preemptive solutions.

Adaptable SaaS solutions can allow enterprises of any shape and size to equip themselves with advanced threat protection, suited to rapidly changing business environments.

A prime example: the changing business environment, with its emphasis on remote and hybrid working, requires internet connectivity for a growing range of collaboration tools and cloud-based storage. Traditional sandboxes only scan 60 to 70 percent of the content traversing these interconnected channels – today’s enterprises must instead strive to cost-effectively vet 100 percent of incoming content — fast enough to support the companies’ business processes.

Measuring results

But there’s a catch: too many layers of protection can slow these digital systems. Jumping through numerous precautionary hoops for every single process or action will at best frustrate employees, and at worst, hinder their productivity. Thus, the goal of the modern cybersecurity company must be to empower enterprises at the sweet spot between protection and productivity.

Metrics around how many users report phishing, how many of these attacks are actual phishing, the variety of web locations where phishing occurs, and more, can help enterprises measure the efficiency of their cyber security solutions.

These numbers should drop over time, but that’s difficult  to track, particularly at large enterprises with thousands of incidents and reports. That’s why solutions that automate specific, and sometimes all of the cyber defense process – meaning these systems can natively track KPIs and save a lot of time and energy for beleaguered security operations center (SOC) teams.

Phishing is not a new threat type, but the emergence of advanced DeepSea Phishing techniques has created a new crisis for enterprises. Such is the challenging task of modern cybersecurity – white hat solutions must be as rapid, dynamic, determined, creative and unrelenting as the ever-evolving methods developed by the black hatters.

Enterprises must assume responsibility not only to provide top-notch cybersecurity education to their employees, but to invest in high-quality, quickly adaptable defense solutions as well. Fall short, and their vulnerabilities will grow as numerous as the fish in the sea.

About the essayist: Michael Aminov is Co-Founder and Chief Architect of Perception Point, a supplier of phishing detection and remediation systems. He was formerly the Chief Architect of CyActive, which was acquired by Paypal; he is also a veteran of the Intelligence Corps of the Israel Defense Forces (IDF). He holds a BA in Computer Science from Ben-Gurion University of the Negev.

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-advanced-tools-tactics-required-to-defend-deepsea-phishing-attacks/