Phishing threats have transformed into sophisticated targeted attacks that go well beyond credential stealing. While credential stealing is still certainly a concern, the continually evolving phishing threats of today involve a sophisticated psychological manipulation of the end user to gain trust that allows the threat actor to access much more than credentials.
By targeting the human element, these phishing schemes prey on the weakest link in the network security chain. And while there are great security protocols that protect against email phishing attacks, many don’t protect the blind spot of network security. Ads, pop-ups, social media scams, rogue browser extensions, web-based “freeware”, IM and chat applications, are all phishing attack vectors that are part of today’s phishing threat landscape. In fact, there are 46,000 new phishing sites alone that go live each day, and most are active for just 4 to 8 hours. All it takes is one click from an unsuspecting employee to breach an organization.
Our own research has seen the concern cybersecurity decision-makers have for these advanced phishing attacks. Over half of respondents to our 2018 Phishing Survey named the growing number of phishing attack vectors beyond email as a “Top 3” concern in terms of potential phishing threats. The other top concerns involved the growing sophistication and realism of spoofed sites, and the difficulties in training employees to spot these new types of phishing threats, with almost two-thirds (64 percent) of IT security pros citing shortfalls in employee awareness and training as their top concern for protecting workers against social engineering and phishing threats.
The other component that makes these phishing attacks so concerning is that they happen in real-time and often don’t attack the device, the software, or even the network initially. By making the human end user the attack vector, today’s phishing threat actors get around most traditional security solutions. So, what can network security professionals do to protect their systems from these zero-hour phishing threats?
Join Mark McDaniel, our Senior Director of Technical Services, for a live demo on May 22, 2019 at 10am PDT to see first-hand what Real-Time Phishing Threat Intelligence looks like and how it can help you manage and reduce the risk of phishing attacks. Threat intelligence that covers new types of phishing threats is essential for understanding and defending again previously unknown zero-hour threats. In the webinar, Mark will demonstrate how our behavioral analysis approach and Session Emulation and Environment Reconnaissance (SEER™) threat detection technology works to identify today’s most sophisticated phishing threats, including:
- Credential stealing
- Rogue software
- Phishing exploits
- Social engineering scams
- Phishing callback C2s
You can register for this live demo here.