Press Release: New Visual-AI phishing detection feature to slam the door on web and email phishing

Visual-AI company, VISUA, has launched a new visual phishing detection feature that can accurately overcome many of the key detection evasion techniques that bad actors use by analysing the content visually rather than architecturally.

Phishing, in all its forms, has become of such critical concern to so many companies and individuals that it has fuelled massive growth in the cybersecurity sector. By 2023, Forrester predicts the global spending on cloud security tools alone will hit $12.6 billion, up from $5.6 billion in 2018. This was a recent forecast from mid-2019, but a pre COVID-19 prediction.

Up to Aug 2019, the number of victims of phishing had increased by 59%, while BEC (Business Email Compromise) attacks had grown by a staggering 160%, compared to 2015 figures, according to Security.org. But research by Positive Technologies indicated a recent acceleration in growth of 22.5% in Q1 2020 compared to what was seen in Q4 of 2019.

Phishing technologies and methods are drastically improving too. According to Ironscales, it has allowed attackers to spoof the world’s top 200 brands to create 50,000 fake login pages. Nearly 5% (2,500) of the 50,000 fake pages were polymorphic, with one brand spinning out more than 300 permutations.

In this arms race, every new detection breakthrough is overcome by the bad actors with new obfuscation and evasion techniques. This is accelerated by the easy access to hacking and phishing kits, and even entire phishing services, available on the dark web. With more bad actors comes the increase in phishing emails that we have seen, which can cause critical logjams and delays in processing.

VISUA’s Visual Phishing Detection solution leverages the ability of Visual-AI to see the content as humans see it, but at machine speed, making it not only harder to evade, but also allowing faster detection and prioritization of the highest risk attacks.

Commenting on this release, Alessandro Prest, CTO and Co-Founder of VISUA said:

“This new feature slams the door on bad actors by using their key weakness against them. Despite all the obfuscation and evasion techniques, the web page or email must be displayed in full to the user who is to view it. By rendering in a sandbox and capturing the final output of the communication into an image, we can see what a typical recipient will see. We then analyse the graphic to identify high-risk elements, such as logos, favicons, special marks and imagery, like SSL padlocks in the content, plus anomalous URLs, high-risk text, like ‘Username’, ‘Password’, ‘Login’, and ‘Credit Card Number’, and other elements, like windows or popup frames around login forms.”

Alessandro continues, “We then create a risk score that is passed back to the phishing detection system, which allows them to prioritise which communications or pages to prioritise for further analysis, or which should be blocked.”

Declan McGonigle, VP of Sales & Marketing of VISUA adds: “During our scoping and development discussions with some leading anti-phishing companies, they highlighted that visual analysis of phishing attacks was a key requirement, but accuracy and speed was crucial. We’re delighted to confirm that the system delivers unparalleled precision and recall and operates in near real-time of one second or less. This innovation allows anti-phishing companies to deliver never-before-possible accuracy and speed in phishing detection without playing the cat and mouse games they currently endure.”