Threat actors are constantly evolving their methods to go after the human attack surface with new kinds of phishing and social engineering techniques, tactics, and procedures. While credential-stealing remains popular, new types of phishing threats and direct-to-browser attack vectors are evading existing multi-level security controls. The introduction of next-gen antivirus and other similar technologies are making it harder for bad actors to deliver malware successfully, so they have become more sophisticated in delivering phishing and social engineering attacks.
Driving this point home, CSO recently reviewed 12 ‘Famous Social Engineering Attacks’ that wreaked havoc but could have been avoided with a real-time, zero-hour approach to phishing defense. Some are worth recapping.
In 2011, two employees at RSA Security opened an attachment they received via email. The attachment was titled “2011 Recruitment Plan.xls” which screams OPEN ME! They did and they unleashed a macro that installed a backdoor on their devices, reducing the effectiveness of their SecurID product. Ultimately, this cost RSA $66 million!
In 2015, Ubiquiti Networks found themselves victims of a business email compromise (BEC). Ubiquiti’s finance employees were sent an email claiming to be from a top executive requesting wire transfers to third parties. They lost an estimated $39 million before the attack was stopped. While Ubiquiti was the first victim of this type of BEC attack, the FBI stated that there were 2126 victims in 2013 alone – 1198 in the US – with losses totaling over $214 million!
In 2016, Russian-sponsored hackers tricked Hillary Clinton’s campaign manager, John Podesta, with a fake ‘account reset’ email appearing to be from Google. After confusion and suspicion, Podesta ultimately fell victim, giving the threat actors access to campaign emails. Hidden behind a bit.ly shortened link was myaccount.google.com-securitysettingpage.ml, a phishing URL.
In 2017, a phishing attack sent emails to Ukrainian targets with a word doc attachment containing malicious macro code. If disabled, users were shown a dialog pop-up box that looked like it was from Microsoft. If executed, the macro code installed a backdoor onto their device that allowed the attackers to access their microphone, so they could listen to their conversations.
These four attacks are just a drop in the bucket of the thousands of phishing and social engineering attacks that come every day. And they are getting more and more sophisticated, requiring zero-hour, real-time phishing threat intelligence.
SlashNext Real-Time Phishing Threat Intelligence is powered by SEERTM threat detection technology. SEER (Session Emulation and Environment Reconnaissance) uses virtual browsers in a purpose-built cloud to dynamically inspect sites with advanced computer vision, OCR, NLP, and active site behavioral analysis. Machine learning enables definitive verdicts—malicious or benign—with exceptional accuracy and near-zero false positives.
Here’s how it works:
- Through multiple live sources, SlashNext proactively scans billions of global Internet transactions and millions of suspicious URLs on a daily basis.
- Suspect URLs are rendered with millions of virtual browsers in the SlashNext threat detection cloud. SEER technology inspects the site with advanced computer vision, OCR, NLP, and active site behavior analysis.
- SEER analysis features are fed into machine learning algorithms which deliver a single definitive verdict: malicious or benign. There are no inconclusive threat scores and near-zero false positives.
- Malicious URLs, Domains, and IPs are continuously added to the SlashNext Real-Time Phishing Threat Intelligence feed and available in multiple machine-readable formats via Web APIs.
You can check this technology out yourself. Contact us to learn more or try SlashNext Real-Time Phishing Threat Intelligence free for 15 days.