Up to Aug 2019, the number of victims of phishing had increased by 59%, while BEC (Business Email Compromise) attacks had grown by a staggering 160%, compared to 2015 figures, according to Security.org. But research by Positive Technologies indicated a recent acceleration in growth of 22.5% in Q1 2020 compared to what was seen in Q4 of 2019.
Phishing technologies and methods are drastically improving too. According to Ironscales, it has allowed attackers to spoof the world’s top 200 brands to create 50,000 fake login pages. Nearly 5% (2,500) of the 50,000 fake pages were polymorphic, with one brand spinning out more than 300 permutations.
In this arms race, every new detection breakthrough is overcome by the bad actors with new obfuscation and evasion techniques. This is accelerated by the easy access to hacking and phishing kits, and even entire phishing services, available on the dark web. With more bad actors comes the increase in phishing emails that we have seen, which can cause critical logjams and delays in processing.
VISUA’s Visual Phishing Detection solution leverages the ability of Visual-AI to see the content as humans see it, but at machine speed, making it not only harder to evade, but also allowing faster detection and prioritization of the highest risk attacks.
“This new feature slams the door on bad actors by using their key weakness against them.”
Alessandro Prest, CTO and Co-Founder of VISUA
“This new feature slams the door on bad actors by using their key weakness against them. Despite all the obfuscation and evasion techniques, the web page or email must be displayed in full to the user who is to view it. By rendering in a sandbox and capturing the final output of the communication into an image, we can see what a typical recipient will see. We then analyse the graphic to identify high-risk elements, such as logos, favicons, special marks and imagery, like SSL padlocks in the content, plus anomalous URLs, high-risk text, like ‘Username’, ‘Password’, ‘Login’, and ‘Credit Card Number’, and other elements, like windows or popup frames around login forms.”
Alessandro continues, “We then create a risk score that is passed back to the phishing detection system, which allows them to prioritise which communications or pages to prioritise for further analysis, or which should be blocked.”
A whitepaper document with greater detail can be viewed/downloaded HERE
“This innovation allows anti-phishing companies to deliver never-before-possible accuracy and speed in phishing detection without playing the cat and mouse games they currently endure.”
Declan McGonigle, VP of Sales & Marketing of VISUA