Exhibiting at the recent FS-ISAC Annual Summit 2017 at the Dolphin Convention Center (which could have doubled as a meat locker at times because it was so cold, while other times it could have been a large sauna it was so hot and steamy!), there was a mini-monsoon outside at one point. It was like Mother Nature was mimicking the downpour of cyber attacks confronting the financial services players at the event. It was a deluge!
Nearly all the financial services security experts I had the privilege of meeting and speaking with had been inundated with phishing and spear phishing attacks. The attacks have ranged from the easy to identify phishing attacks – like the phishing emails with more misspellings and grammar mistakes than a fifth grader’s forged note to their teacher from their “mom” – to the difficult to distinguish – spear phishing attacks in which the attackers have done their pre-texting homework, stalking the target on social media, copying contacts, crafting nearly perfect fake logos and URLs, and more.
But, the one thing that each FSI security pro I spoke with was most concerned with was not the volume of the phishing attacks, but the increased detail and sophistication of the attacks happening today. It’s incredibly difficult for many of these experts to identify a new email attack as spear phishing, let alone be identified and defused by today’s security offerings.
For example, one small bank endured a whaling attack targeting their C-level executives. They had multiple cybersecurity defense products in place to secure email, identify potentially threatening attacks, and more. But, these emails were crafted so well by the attacker that they evaded detection by every one of their defenses. Plus, the email that targeted their execs so closely resembled their corporate email template that it fooled one exec who clicked on the link, leading to a fire drill to protect the executive’s credentials and the bank’s data from theft, malware, ransomware or another form of attack.
In this small bank’s circumstance, and as with many of the new, sophisticated spear phishing attacks, the only sure defense is to eliminate the threat completely. But, you can’t stop users – particularly an executive – from accessing email. And, while you can ask them not to click on any web link, it’s still human nature to click on a link, particularly if the phishing email is well crafted and appears as though to come from a friend. But, you can ensure that any link that an executive or any other user clicks on is safe to click with isolation.
Integrating with existing mail server infrastructure assures that any email link is opened far away from a user’s device, such as in the cloud. This ensures that any malware payload associated with the email link cannot reach the user’s endpoint and infect their device or network, eliminating drive-by exploits and other related attacks. Also, websites can be rendered in a read-only mode, preventing users from entering sensitive information, such as user credentials, into malevolent forms, alleviating credential theft. And, with the email link launched in the cloud and any malware captured in a virtual container, once the user’s session is over, the virtual container is destroyed and with it the captured malware. No muss, no fuss.For more information on Menlo Security’s Phishing Isolation solution, please read our Phishing Isolation solution brief, our Phishing Isolation case study, or our report, “Anatomy of a Spear Phishing Attack.”