Example essay

GUEST TEST: Advanced Tools, Tactics Needed to Defend Latest Attack Variant — “DeepSea Phishing”

Phishing itself is not a new or particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses a whole new challenge to businesses.

Related: Deploy human sensors

Phishing comes with a simple premise – tricking someone into interacting with a malicious link, file, or credential entry, disguised as a legitimate email or website.

The financial impact of phishing attacks has quadrupled over the past six years, with the average cost to U.S. businesses rising to $14.8 million in 2021compared to $3.8 million in 2015.

Despite increased public awareness of cybersecurity risks and safe browsing practices, the impact of phishing has grown exponentially – IBM 2021 Cost of Data Breaches Report found that phishing was the second costliest attack vector for enterprises.

New tactics

This is so, in part, because growing awareness has prompted hackers to create even more sophisticated ways to steal login credentials or trick employees into clicking on a link infected with malware – AKA next-gen , or “DeepSea” phishing.

These attacks use new and rarely seen phishing techniques, often employing multiple layers of deception in parallel. Take this recent phishing attemptwhich has been identified by the Perception Point Incident Response team: The hackers first used an irregular URL structure to evade standard email threat detection systems and sent users a very convincing but bogus two-factor authentication.

Since web browsers see these malicious links as URLs, they automatically open, causing email recipients to unwittingly navigate to suspicious websites. In one case, a malicious URL led to a fake Microsoft login page, almost indistinguishable from the original – but for the deployment of next-generation detection techniques.

“Spear phishing” represents another example of the DeepSea methodology, in which malicious actors “scavenge” personal information (primarily from social media) about their targets to make each phishing attempt more personalized and seem more legitimate.

Current solutions

Enterprise cybersecurity traditionally prevents such attacks in two ways: staff training, giving employees the tools they need to recognize and report suspicious emails that land in their inboxes; with cybersecurity solutions, that prevent malicious emails from reaching inboxes in the first place.


Unfortunately, the first category is becoming less and less effective as phishing becomes more and more sophisticated, with email clones seeming more and more indistinguishable from the real thing. Regarding the latter, cybersecurity solutions that were once the industry standard are often unable to keep up with the rapidly changing threat landscape. This is partly due to the increased accessibility of phishing tools, with even phishing kits available for purchase by non-coding and amateur anglers.

Advanced solutions

Emerging cybersecurity tools can be designed with the digitalization of business and growing cloud adoption in mind, as opposed to legacy solutions that are slow and frustratingly inflexible. These more traditional solutions are generally not cloud-native, and even though they have been redesigned to work in a cloud environment, the changes often come with major downsides.

The increased agility of emerging technologies can better keep up with the rapidly changing threat landscape, deploying techniques such as:

•I amage recognition and natural language processing. These techniques can identify spoofing techniques or phishing attacks.

•Cloud native design. Advanced defensive algorithms are more dynamic, scalable and ready for automation).

NOTo-code services. These are easily adaptable pre-written code packages that save R&D specialists time in creating threat responses, allowing them to focus more on creative and preventative solutions.

Adaptable SaaS solutions can enable organizations of any shape and size to equip themselves with advanced threat protection suitable for rapidly changing business environments.

A prime example: the changing business environment, which emphasizes remote and hybrid working, requires internet connectivity for a growing range of collaboration tools and cloud storage. Traditional sandboxes only analyze 60-70% of the content passing through these interconnected channels. Instead, today’s enterprises must strive to cost-effectively screen 100% of incoming content, fast enough to support enterprise business processes.

Measurement results

But there is a catch: too many layers of protection can slow down these digital systems. Jumping through numerous precautionary hoops for every single process or action will frustrate employees at best and hamper their productivity at worst. Thus, the goal of the modern cybersecurity enterprise must be to empower businesses to balance between protection and productivity.

Metrics on the number of users reporting phishing, how many of these attacks are actual phishing, the variety of websites where phishing occurs, and more can help companies measure the effectiveness of their security solutions. cybersecurity.

These numbers should drop over time, but this is difficult to track, especially in large companies with thousands of incidents and reports. That’s why solutions automate specific cyber defense processes, or even entire ones, which means these systems can natively track KPIs and save a lot of time and energy for Security Operations Center (SOC) teams. ) besieged.

Phishing is not a new type of threat, but the emergence of advanced DeepSea Phishing techniques has created a new crisis for businesses. Such is the difficult task of modern cybersecurity – white hat solutions must be as fast, dynamic, determined, creative and relentless as the ever-evolving methods developed by black hatters.

Companies must take responsibility not only for providing state-of-the-art cybersecurity training to their employees, but also for investing in high-quality and rapidly adaptable defense solutions. If you fail, their vulnerabilities will become as plentiful as the fish in the sea.

About the essayist: Michael Aminov is co-founder and chief architect of Point of view, a provider of phishing detection and remediation systems. He was previously the chief architect of CyActive, which was acquired by Paypal; he is also a veteran of the Intelligence Corps of the Israel Defense Forces (IDF). He holds a BA in Computer Science from Ben-Gurion University of the Negev.

*** This is a syndicated blog from the Security Bloggers Network of The Last Watchdog written by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-advanced-tools-tactics-required-to-defend-deepsea-phishing-attacks/

Source link