Beyond Security Awareness: Detecting Phishing Attacks
Did you see the most recent State of the Phish report?
The pandemic and work from home damaged our collective security awareness efforts.
Let’s look at some critical results uncovered by this industry benchmark study. And then, we’ll consider an innovative option that can succeed where end-users might fail during phishing attacks.
End-user security awareness challenges
The report, which looks at phishing knowledge and experiences of working adults in multiple countries, found a year-over-year drop in the understanding of basic cybersecurity terminology. Here are some key points:
- Only 53% of working adults can now correctly define the word “phishing.” This number is a 16% decrease from the prior year.
- Bulk phishing attacks and spear-phishing attacks are both increasing.
- Organizations report more than a dozen consequences of successful phishing attacks. Among the impacts were account compromise, ransomware infections, and reputational damage.
And these trends are happening against a troubling backdrop: sophisticated phishing attacks are getting so good that the human eye, and the hardworking employee, may be unable to detect them.
We need another weapon in our arsenal to short-circuit these attacks and reduce their risk.
Phishing detection: end-users vs. technology
If you are in IT or cybersecurity, you may have seen this side-by-side comparison of a legitimate Apple website and its evil twin, a fake site that steals your credentials as you attempt to log in.
Almost no one can tell the difference here just by looking. So how do our end users have a fighting chance against an attack like this?
This is a crucial question for a variety of reasons.
- Because many employees re-use passwords, entering their credentials on a phishing site could lead to a compromise of your network.
- This type of compromise can make you a sitting duck for a cyberattack. For example, Initial Access Brokers (IABs) use phishing attacks to gain silent access to an account on your network, and they sell that access to ransomware groups on the dark web.
- One type of cyber attack (phishing) often leads to another.
How can you interrupt this chain of events and protect your organization? Let’s explore a powerful option.
An innovative approach to detect advanced phishing attacks
The Apple example (above) is a single example of a more significant problem.
“We see near matches for sites like Facebook, for banks, all sorts of organizations, almost pixel for pixel, copied examples of the real page. So a human may not catch it,” says Andrew Fast, LiveAction Chief Data Scientist.
“This is why we need a machine learning approach. Our approach looks at the web traffic coming in. It turns out that the packet dynamic signature of phishing websites, whether that is the phishing infrastructure, or the actual pages that they are serving up, is detectably different than the majority of traditional websites on the internet.”
In fact, his team used his ThreatEye platform to test the Apple sites above. Now see the results for yourself, below:
The machine learning model reveals that the Apple site on the right is the malicious phishing website. Network defenders will know this even if the attack fools someone on the network. That’s because the NDR platform generates automated, risk-scored, and MITRE ATT&CK-labeled alerts.
This is the technology piece of detecting and breaking the attack chain caused by phishing. And it applies to all kinds of advanced threats, like ransomware, insider threats, and more. But what about the end-user?
A new opportunity to improve security awareness
How can we improve the human layer of our phishing defenses? There certainly are opportunities.
For one thing, the State of the Phish report found that although most organizations give employees security awareness training, fewer than 4 in 10 organizations do so for remote workers. So that is one place to look.
Another key opportunity is giving your users a report button to let IT and security know about suspected phishing emails or sites they come across. That harnesses the power of human intelligence against phishing attacks.
And human intelligence along with machine learning and packet dynamics is a powerful combination to fight this type of threat.