On March 15, 2020, the CDC announced gatherings of 50 or more people be canceled for the next eight weeks, marking a pivotal point in the 2019 Novel Coronavirus. The CDC needed to make a strong recommendation to limit the spread of the virus, and on this day, there were 3,000 cases in the US, and airports were in chaos due to new screenings.
With our daily livelihoods changing right before our eyes, bad actors online started to see this chaos as an opportunity. SlashNext Threat Intelligence researchers identified that in the days which followed, we saw a +3000% increase in COVID-19 themed Phishing URLs. With no sign of slowing down, thousands of new phishing pages are launched hourly to steal personal information, corporate data exfiltration, and credit card fraud.
Fig. 1: Credential stealing phishing site of the World Health Organization (WHO)
A phishing site SlashNext discovered this week (Figure 1) pretending to be owned by the World Health Organization (WHO), asking users to verify their email using O365, Yahoo, Gmail, Zimbra, and many of the corporate and personal platforms. Access to a corporate email account can cause rippling damage across an organization as bad actors leverage that one account to carry out lateral attacks within an organization and extend to its vendors.
Since March, the rise in phishing URLs has been sustained with other such similar sites providing information for vaccines, and ventilators also asking users to verify their credentials to access such information.
Harness the Power of Real-Time with SEER™ Technology
SlashNext’s patented behavioral phishing detection technology uses millions of virtual browsers to detect unknown threats with unmatched accuracy. SEER™ (Session Emulation and Environment Reconnaissance) is a scalable, cloud-based threat detection technology that uses computer vision, NLP, and OCR, to dynamically inspect page contents and server behavior. Sophisticated machine learning algorithms and virtual browsers perform rich analysis to accurately detect zero-hour phishing threats and numerous enrichment artifacts.
This unique combination of techniques sees through evasion tactics and accurately detects phishing pages, even those hosted on compromised websites and legitimate infrastructure. It also follows through on all URL re-directs and performs run-time analysis on the final page of multi-stage threats.
With growing enterprise mobility requirements and higher numbers of remote workers, properly securing mobile and remote users causes IT and security teams to rethink their endpoint security strategies. To see how you can protect your remote workforce from the growing number of sophisticated phishing threats contact us to request a demo of our endpoint products today or watch a video demo to see how our phishing detection improves automation in SOAR and SIEM platforms.