Webinar:
The Next Generation of Enterprise Browser Security
Icon Rounded Closed - BRIX Templates

Anti-Phishing

Phishing is a type of cyber attack. Attackers use deceptive techniques to trick users into revealing sensitive information, downloading malware, and exposing themselves or their organizations to cybercrime risks.

What is phishing?

Phishing attacks are the most common type of social engineering and can happen through web, email, text, or phone calls. They involve tricking people into giving information or assets to the wrong people. Social engineering attacks rely on human error and pressure tactics in an effort to divulge sensitive information such as passwords, credit card numbers and other personal information. 

The attacker typically masquerades as a person or organization the victim trusts—e.g., a coworker, a boss, a company the victim or victim’s employer does business with—and creates a sense of urgency that drives the victim to act rashly. Threat actors and fraudsters use these tactics because it’s easier and less expensive to trick people than it is to hack into a computer or enterprise network.

In fact, the most common initial attack vector for data breaches worldwide is phishing, responsible for 16% of global data breaches, according to the IBM Cost of a Data Breach Report 2023.

How do phishing attacks work?

Phishing attacks can pose a significant threat to enterprises, and it's crucial to be cautious reading unsolicited emails, messages, or requests for personal information.  These attacks work by exploiting human trust and tricking individuals into revealing sensitive information. Here's a typical overview of how a phishing attack works:

Setting the Stage

Attackers identify an intended target based on their level of access to sensitive information or systems and create a fake identity to initiate communication.

Delivery of the Phishing Attempt

Attackers are compromising known trusted sites or designing fake URLs that closely resemble legitimate ones in order to capture login credentials or other sensitive information. Phishing attempts can also be delivered through emails, SMS, or even phone calls usually containing urgent or enticing language to take immediate action.

Use of Social Engineering Techniques

Attackers will try to create a sense of urgency or fear to pressure the target into taking quick action and exploit trust by impersonating entities the target is likely to trust with familiar logos and messaging.

User Interaction and Information Capture

Many people click on links in phishing messages. They then provide personal information such as passwords, credit card information, or social security numbers. This information is given to potentially harmful websites.

Exploitation

Attackers will use stolen information to access user's systems, corporate accounts, and enterprise networks without permission. They will then commit identity theft, financial fraud, or other malicious actions.

What are some types of phishing attacks?

Attackers have created a variety of evasive techniques used in today’s phishing attacks to evade commonly deployed security tools such as Secure Web Gateways, Firewalls and Endpoint Security.  

Some of these evasive phishing techniques include:

Man-in-the-middle (MiTM) attack

A Man-in-the-middle attack is an attack where unauthorized 3rd parties intercept and alter the communication between two parties without their knowledge in an attempt to capture sensitive information like login credentials or session tokens, allowing attackers to impersonate the user or gain unauthorized access.

Multi-factor authentication (MFA) bypass

An MFA bypass attack is specifically used by cybercriminals to avoid or circumvent MFA tools in order to gain access to user accounts. These techniques bypass security measures such as unique passwords, digital tokens, and biometric authentication. They enable unauthorized access to important information and systems. They exploit trust in SSO platforms, like Okta, LastPass, and OneLogin, to gain unauthorized access to multiple services.

Legacy URL Reputation Evasion (LURE)

Threat actors capitalize on this technique by hijacking trusted sites, or by creating a new site and leaving it dormant until its URL/domain is trusted. They then use these URLs and destination sites to launch phishing attacks. The user opens the web URL believing it to be authentic, and because the URL is in a safe category, it is not blocked by web filters. Either malware subverts the user or the user willingly enters credentials for a credential theft attack.

SEO Poisoning

This commonly known URL evasion technique is used to manipulate search engine results in order to drive traffic to malicious websites. The attackers exploit the algorithms of search engines to promote their own content, often containing malware or phishing schemes.

Using legitimate cloud-sharing services

Attackers will use cloud-sharing platforms such as Gdrive or Box with trusted domains in order to avoid detection. These have become lucrative phishing avenues for threat actors for hosting malicious content or password protected files in credential phishing campaigns.

Other common phishing techniques include:

  • Phishing websites: fake websites that mimic the appearance of legitimate sites
  • Spear phishing: a more targeted form of phishing in which attackers aim to compromise a specific individual or organization
  • Email Phishing: fraudulent emails that seem to appear from legitimate sources, often with urgent requests or time sensitive
  • Smishing: phishing attacks conducted via SMS (text messaging) containing malicious links or requests
  • Vishing: voice phishing in which attackers use phone calls to manipulate victims

Why are modern phishing attacks so successful?

The browser has become the most widely used enterprise application as business users spend more than 75% of their working day inside web browsers according to Forrester. As a result, attackers have become hands on crafting their attacks. They have evolved their social engineering techniques to specifically target the browser and employ evasive techniques designed to bypass commonly deployed security tools.

chart showing how phishing attacks have grown more sophisticated over time

Enterprise security faces a challenge because security tools still depend on traditional network signals like Firewalls and Secure Web Gateways. These tools do not offer insight into specific browser behaviors, which means they cannot detect evasive phishing threats. Network and endpoint security tools such as firewalls, SWG, and URL reputation checks are unable to detect previously unseen phishing attacks because there is no signature or indicator of compromise (IOC) available to indicate that an endpoint or network may have been breached at that specific moment in time.

Even AI models trained on network-based telemetry fall short. While they derive their strength from robust datasets, their effectiveness lacks insight into specific browser behaviors. This forces IT and security teams to rely on network-based signature detection approaches, which can only identify known threats, and fail to block evasive phishing threats targeting the browser. 

As a consequence, these novel phishing attacks have become the tool of choice for attackers attempting to penetrate enterprise networks.  Even platforms like VirusTotal, which inspect items from over 70 of the world’s largest antivirus scanners and URL/domain blocklisting services, fail to flag evasive URLs and domains in sophisticated phishing.  This indicates that there is a clear need for improved visibility, enhanced security controls, and better protection from threats directly within the browser.

Browser Security white paper

Finding the right approach to protecting the browser

How are phish kits and generative AI tools used to accelerate phishing attacks?

To make matters worse, easily accessible phish kits (PhaaS) and ransomware-as-a-service kits (RaaS) today have simplified the process of launching sophisticated phishing attacks. These tools serve as comprehensive toolkits to empower attackers to accelerate their phishing campaigns.  

Generative AI tools like ChatGPT, have significantly reduced the barriers for attackers to launch more sophisticated and successful phishing campaigns. Attackers can produce thousands of phishing attacks with new threat signatures and fewer errors of common tell tale signs, all in a matter of minutes, posing an even greater threat to enterprises.  

They contain pre-packaged resources and provide attackers with the necessary tools such as pre-made templates and scripts to craft and effectively execute their malicious campaigns. These toolkits also make it easier for rudimentary attackers to create convincing and fraudulent websites or emails for the purpose of stealing sensitive information from its intended victims.

Why are phishing attacks today so dangerous?

The increase in remote work has significantly increased the attack surface for cybercriminals. Successful phishing attacks can lead to loss of confidential information, identity theft, data breaches and large scale financial loss for individuals and corporations.  

Due to the seriousness of these attacks and public disclosure requirements for data breaches, phishing attacks can cause significant reputational damage, loss of trust among supply chain partners and even regulatory issues for many businesses.  For these reasons, phishing attacks pose a significant risk to individuals and businesses and therefore it is crucial to stopping these attacks before they gain access to user systems and enterprise networks.

Furthermore, cybercriminals have the ability to also disclose or sell stolen information across the dark web, requiring certain government intervention which can sometimes bring heavy fines or other sanctions.

How do I protect my enterprise against evasive phishing attacks?

The browser is the business application enterprises can’t live without, but it has fallen behind from a security perspective. 

While web, email, and endpoint security do screen out some phishing attempts, the browser remains critically exposed to evasive phishing attacks. Existing enterprise security solutions, which rely heavily on known threat signatures or AI trained on network telemetry, continue to fall short in preventing the latest phishing threats and evasive techniques being used. This proves that existing defenses aren’t getting the job done, and that the browser remains the single greatest entry point for attackers and that we have to make a change.

Use browser security to defend against phishing attacks targeting the browser

Browser security offers the most effective phishing countermeasures against today’s sophisticated phishing attacks by delivering comprehensive visibility into every browser session.  This provides IT and security teams with actionable threat intelligence inside the browser enabling dynamic policy enforcement for zero-hour phishing, malware, and ransomware attacks targeting the browser. This allows IT and security teams to gain context-rich, actionable insights into browser-based threats that often remain hidden from other security solutions.

Other common steps that can help mitigate phishing threats include:

Phishing Prevention with Menlo Security

Menlo Security eliminates phishing attacks and reduces the browser attack surface with our Secure Cloud Browser by allowing enterprise security teams to properly manage their existing browsers, protect their users, and secure application access.  Menlo Security’s Browser Security solution is the only solution able to identify and dynamically stop evasive malware, zero-day web exploits and phishing attacks. 

In fact, Menlo Security is able to identify and block phishing attacks 6 days ahead of any other security vendor by using our AI powered browser security solution.  This ‘protection buffer’ significantly decreases the time between a user’s first access to a malicious site and the point at which one or more vendors on VT flag it as malicious.

diagram showing Menlo security technology offers a 6 day phishing protection buffer

Menlo Security’s Browser Security solution works across any device, providing end-to-end visibility into every browser session. It delivers real-time dynamic policy control to effectively stop evasive malware and zero-hour phishing attacks from infecting user systems and enterprise networks.