A close look at common challenges in anti-phishing

Taking a deep-dive into the challenges within the anti-phishing industry.

Challenges in anti-phishing are becoming ever more difficult due to the increasing sophistication of evasion techniques employed by Bad Actors. 

In order for phishing detection systems to keep up with the developing technologies used by bad actors, cybersecurity professionals have to work very hard to keep pace, and so they study these techniques carefully. While there are countless techniques and approaches employed by bad actors, it can be said that there are six that provide particularly problematic challenges in anti-phishing. 

1. Time & Speed

Bad Actors know that it takes time for relevant data regarding domains, URLs, sources and any flagged items to be gathered, assessed and blacklisted. Ever the opportunists, the scammers take advantage of this fact by limiting the lifespan of fake sites by switching domains and URLs, often within mere hours or even minutes. In more advanced attacks they implement single-use URLs that simply die as soon as they’ve been viewed. In others, they use dynamic URLs and redirects that present the real site to the phishing detection system and switch to the fake URL once the link has been checked. Relying on blacklists is not, therefore, the answer. Real-time and on-time checks need to be implemented.

2. Complex Systems Take Time To Patch

Cybersecurity systems traditionally rely on patches for things like malware signals and blacklists, however, IT professionals tend to be reluctant to apply patches, particularly if it’s needed too often. Patching is also a complex consideration in major organisations, needing ample planning and often requiring servers to be taken offline. It can be risky, causing major outages and introducing unforeseen issues that take yet more time and resources to resolve. 

The big problem with this in cybersecurity is that these delays can give Bad Actors even more time to cause havoc. What is required to combat this challenge is a system that offers it’s detection capabilities outside the patching methodology, allowing the IT systems to run without disturbance while still stopping Bad Actors in their tracks. 

3. Massive Volumes

It has been reported that Q1 of 2020 saw the highest number of phishing attacks in three years. In March 2020 alone, 50,000 fake login pages were identified, spoofing the world’s top 200 brands. That’s an incredible volume in a relatively short amount of time, and they are just the ones that were detected. This brings us back to the importance of speed and real-time scanning. A phishing detection system that can check an email or link at the time of viewing by a user, and complete its check-in fractions of seconds, is critical.

4. Multiple Attack Channels

One of the biggest challenges in the anti-phishing industry is the fact that the attacks are both targeted and multi-channel. Once upon a time, these types of scams only occurred via email and on PCs. Now, every type of device, from PC to mobile phones, and every communication platform, from emails to social media and even voicemails, can be a conduit for an attack. 

One of the most common formats is social engineering: employing gamification on social media platforms which then shares a link, even automatically tagging connections, in the hope of ensnaring more victims. People trust their social media connections, so it’s a clever way of mining data from a wide range of sources. The task here for cybersecurity is staying a step ahead and predicting the next possible form of attack.

5. Bad Actors Employ Legitimate Technologies

Bad Actors use trusted technologies that we use in our everyday lives to make their communication seem more legitimate. Often, a business email server may come under attack if an employee unknowingly installs malware or spyware after opening a file on a Google Drive or Dropbox link. 

This proves challenging for Phishing Detection Systems because of the ubiquitous nature of the file storage/sharing solutions and the fact that they, therefore, need to check the file itself that is linked to.

6. Staff Training

Companies rightly spend a great deal of time and money on training staff in an effort to educate them on what red flags to look for in emails, social posts and on potentially threatening web pages. However, a joint study by Harvard and UC Berkeley universities has shown that even those considered to be extremely computer-literate are not always able to successfully identify a fake when they see them – even when they have been told what to look out for. The study showed that 40% of participants thought a fake site was genuine. This means that 4 out of 10 employees in any given company is likely to take action on a phishing website, compromising themselves and the company. It might be appropriate to note here, that all it takes for a company to be compromised is one person to take that action. 

This suggests that no matter how much training and awareness is employed in the workplace, relying on the average employee to detect and ignore fake communications is risky. What is required is a highly advanced and fail-safe detection system combined with training that educates staff on what to do when they receive communication that seems unusual in its request, like transferring a large sum of money to an arbitrary bank account.

There is a solution – Visual-AI

Considering these challenges in anti-phishing and the enormity of the risk involved if they are not overcome, it’s imperative that cybersecurity companies find the right combination of solutions in order to stay ahead of Bad Actors. Cybersecurity companies already make use of AI to analyse suspicious content using ‘fingerprinting’ and heuristic scanning among other approaches, but our Visual-AI in Anti-Phishing whitepaper outlines how Visual-AI can add an extra key layer to the phishing detection process that makes it an invaluable part of any phishing detection solution.

Download load the Visual-AI in Anti-Phishing Whitepaper here