Phishing attacks have become more sophisticated and challenging to detect, especially as employees work remotely, making it harder to protect against them. Din Serussi, incident response group manager at Perception Point, highlighted this concern during his presentation at the Black Hat USA conference. According to Serussi, phishing attacks are evolving, and traditional methods of detection may no longer be sufficient to prevent them.
Serussi pointed out that modern phishing attacks are increasingly difficult to detect due to their complexity. In the past, it took attackers a considerable amount of time to create a phishing template. However, artificial intelligence (AI) can now generate a phishing template within just 30 seconds, complete with a malicious URL and embedded malicious files. This advancement in AI technology has made it easier for attackers to launch phishing campaigns quickly and effectively.
During his talk, Serussi outlined several modern phishing tactics employed by attackers. One tactic involves using Cyrillic alphabet characters in a URL to disguise the malicious link. To the human eye, these characters appear to be normal text. However, upon closer examination, one can detect suspicious spaces between the different letters. By manipulating these characters, hackers can deceive users and bypass static text filtering employed by outdated security solutions.
Another technique that Serussi discussed is the use of a “browser within a browser.” Attackers leverage HTML and CSS code to open a browser tab or pop-up within the victim’s browser. These browser-in-a-browser attacks often come with an “https” URL, leading users to believe that they are on a secure website. While these attacks do not directly download malware, they can collect personal and credit card information, as they appear genuine. Visual analytics provided by security software can help identify and neutralize these attacks.
The rise of QR phishing, also known as “quishing,” is another alarming trend mentioned by Serussi. The use of QR codes in phishing attacks has increased by a staggering 800% this year. In this type of attack, the user is directed to a URL that appears legitimate on a mobile device, but the full URL is not visible, making it easier for attackers to trick victims.
To address these evolving phishing techniques, Serussi proposed utilizing browser extensions that offer advanced detection capabilities. By implementing 100% dynamic scanning, security solutions can detect and prevent malicious behavior within web browsers. This approach can also be extended to social media platforms and messaging apps, where phishing attacks are prevalent.
In addition to browser extensions, Serussi emphasized the importance of having visibility into credentials entered within managed browsers. By analyzing a week’s worth of entered credentials, compromised user accounts can be traced back to their source, providing valuable insights into the attack. Advanced security solutions can send alerts and take immediate action when suspicious activities, such as multiple password entries or work passwords used on non-work accounts, are detected.
Furthermore, Serussi recommended the adoption of data leak prevention technology to monitor and block unauthorized downloads of large files from shared drives. This technology can also disable specific users who engage in suspicious activities until their actions are thoroughly investigated.
To bolster overall security, Serussi stressed the importance of implementing a strong password policy and enforcing two-factor authentication. Additionally, a standard policy framework should be put in place to check for any correlation between the email domain and the IP address, helping to identify potential phishing attempts.
As phishing attacks continue to evolve and become more sophisticated, it is crucial for organizations to stay vigilant and adopt advanced detection capabilities. By leveraging innovative solutions and following best practices, businesses can better protect themselves and their employees from falling victim to these malicious campaigns.