world tour:
Join us for a live look at how Menlo’s Secure Enterprise Browser puts you ahead of attackers
Icon Rounded Closed - BRIX Templates

Phishing prevention with AI tools for zero-hour threats

Neko Papez
December 19, 2023
linkedin logotwitter/x logofacebook logoSocial share icon via eMail

New, undetectable attacks called zero-hour threats are the current danger for cybercriminals. Traditional cybersecurity solutions cannot detect these attacks, which pose a significant risk.

Over the past 30 days, the Menlo Labs research team has detected over 11,000 zero-hour phishing threats across our install base, impacting more than half of our customers. On a wider scale, SlashNext reports a 48% surge in zero-hour attacks in 2022, with spear phishing emails being the primary method (used in over three-quarters of cases) to steal user credentials. This credential harvesting is often the first step in a long, complex attack chain that leads to ransomware, data exfiltration, and cyber espionage.

It is clear that zero-hour threats represent one of the most disruptive and dangerous attack types in recent memory. With no threat signature to monitor for, traditional cybersecurity solutions have no way to detect these attacks until they have already breached an end point and are actively spreading through the network. But by then, it’s too late. Threat actors move swiftly, exploiting vulnerabilities within minutes of gaining access to enterprise systems.

Time for a tactical shift

To combat these zero-hour threats, organizations need to rethink how they protect their users. Zero-hour threats often hide in plain sight disguised as innocuous behavior, they are getting more successful at tricking users into clicking on a compromised link, visiting a malicious website, or entering their credentials into a fake login form.

Attackers are doing this with the help of generative artificial intelligence (GenAI) tools that are able to spin up highly accurate, highly targeted campaigns that look, act, and feel like legitimate content. Gone are the days of monitoring for misspellings, poor grammar, and shoddy Photoshop skills. Today’s phishing attacks are highly successful at using GenAI to mimic the world’s most popular brands – so much so, that even AI-powered threat detection solutions are unable to differentiate good versus bad content. Even newer AI models trained on network-based telemetry used to help accelerate detection capabilities still fall short because they are only as powerful as the information used to train them. And zero-hour threats have no existing digital signature to tip off these detection tools.

Gaining visibility into every web instance

Organizations need to see what happens in the browser when users click on websites during web sessions. Rather than sit back and wait to detect suspicious behavior on the endpoint or in the network, AI-powered detection tools should examine website attributes, user-accessed content, and login forms. This includes scrutinizing the site's host, ownership, and content.

Security teams need tools that help them detect methods that attackers use to bypass traditional cybersecurity solutions – such as with a captcha prompt, bypassing multi-factor authentication (MFA), or password-protected files – and create a risk score for every website during every web session. Assigning a risk score to each website during a web session enables specific controls, like read-only mode or blocking the website outright.

Cloud-based Browser Security Is the enabling technology. Moving the browser execution to a remote browser in the cloud tricks threats into deploying their payload away from the intended target. AI-powered tools can then analyze the threat in real time, determine its level of risk, and apply dynamic policy enforcement to prevent zero-hour threats based off the website intent – all without putting users, systems, or the organization at risk.

AI-powered threat detection tools are the key

Zero-hour threats are running ramshod over traditional cybersecurity tools, allowing them to gain initial access on an endpoint before spreading throughout the network. From there, they take over critical business systems, hold them for ransom, and exfiltrate sensitive information. Only with better visibility into every browser session can organizations detect and prevent these increasingly sophisticated threats designed to slip under the radar.

AI-powered tools can look at the specific attributes of each website, probe the content it hosts, and detect evasive techniques. It's time for us to embrace these advancements to ensure the safety of users, systems, and organizations wherever we conduct business.

Menlo Security’s AI-powered Browser Security solution offers real-time protection for web browsers, setting it apart as the only vendor in the industry capable of this feat. Learn more about our solution here.