How Modern Email Phishing Attacks Have: Organizations On The Hook
Phishing has evolved from a mere nuisance into a global epidemic in which organizations of all sizes and across all industries are being negatively impacted at high frequency. In 2016 alone, the SANS Institute revealed that 95% of all cyberattacks began with spear-phishing; the Ponemon Institute reported 86% of all phishing attacks contain ransomware, and the Anti Phishing World Group (APWG) discovered a 65% increase in phishing attacks compared to the previous year, totaling 1,220,523 attacks worldwide.

Adam Conner-Simons, MIT CSAIL (04.18.2016)
"Artificial Intelligence predicts cyber-attacks significantly better than existing systems by continuously incorporating input from human experts." - MIT
Of all attack vectors, email remains the most commonly exploited for a variety of reasons. Malicious emails continue to easily bypass legacy spam filters, firewalls, and gateway security scans that still inexcusably rely on signatures and email content scanning when analyzing messages.

Secondly, due to human nature, it takes only a few unaware or preoccupied users to download or click on a malicious email link or attachment to inadvertently provide attackers with access to sensitive corporate networks and data.

Thirdly, a report from FireEye cites the average time from breach to detection being 146 days globally, and a colossal 469 days for the EMEA region, which means early detection and alerts are as important as ever.

In the midst of phishing attacks becoming exponentially more sophisticated and targeted, the majority of email security providers continue to offer signature-based and behavioral signature solutions that scan links and attachments, determine domain reputation and verify sender-receiver relationship, among other futile safeguards.

Knowing that the use of signature and rules-based solutions continues as the status quo, attackers often find their hacking tools and techniques relatively unchallenged by defenses that are limited to following rules that hackers can easily subvert through spear-phishing and social engineering. Although there is almost universal agreement by malware researchers to ditch YARA Rules and regular expressions, many email security solutions are lagging in doing so. In the meantime, many mid-sized and large organizations are investing millions in security awareness and training to help employees identify and report phishing emails in real-time. But what most of the cybersecurity industry and many organizations don't yet fully realize is that to truly minimize the risk of email phishing attacks, machines and humans must continuously work together.

IRONSCALES combines human intelligence with machine learning. By ditching rules-based email security, IRONSCALES expedites the time from phishing attack discovery to enterprise-wide remediation from months or weeks to minutes or seconds, with minimal security team involvement needed.
1. https://www.sans.org/reading-room/whitepapers/analyst/trenches-2016-survey-security-risk-financial-sector37337-
2. http://www.pymnts.com/fraud-attack/2017/phishing-attacks-hit-new-record-in2016-/
3. https://www.csail.mit.edu/System_predicts_85_percent_of_cyber_attacks_using_input_from_human_experts20%
II. IRONSCALES EMAIL PHISHING REPORT
THE KEY FINDINGS:
Approximately 77% of attacks targeted 10 mailboxes or less
[Chart: 77.4% of attacks targeted 10 mailboxes and less; 22.6% did not]

Benefits:
IRONSCALES' combination of human intelligence and machine learning technology is the perfect antidote to combat the number of complex and micro-targeted spear-phishing attacks that easily bypass rule-based spam filters.
B. Blast Attacks Becoming More Micro-Targeted as Attackers Test Drip-Campaign Attacks

THE KEY FINDINGS:
[Chart: horizontal axis in days, 30 to 360; plotted values not recoverable]

The Analysis:
Attack duration is defined as the amount of time that it takes for an attack to stop being perpetrated. Phishing emails, comprised of the same attack, can be repeated, repurposed and sent multiple times per year. These findings suggest that:
C. Machine Learning Expedites Detection to Remediation from Months to Seconds

THE KEY FINDINGS:
55% of attacks were discovered in one minute or less
75% of attacks were discovered in less than 5 minutes
False positive rate was as low as 2% on user reported attacks

[Chart: DETECTION TIME. Segments: more than 1 min, less than 1 min; one segment labeled 55.3%]
[Chart: DETECTION TIME (FIRST 30 MINUTES). Vertical axis: percentage of all attacks, 0% to 50%; horizontal axis: minutes, 0 to 30]

The Key Analysis:
Today, sophisticated malware often comes with a delayed execution mechanism built in to help avoid dynamic analysis, such as Sandbox Solutions, which look for malicious patterns and behaviors in an isolated virtual environment. Because of delayed execution, overburdened security teams, too many false positives and a lack of incident response technology, the average time from detection to enterprise-wide remediation for phishing email attacks worldwide ranges from weeks to months.

Benefits:
IRONSCALES expedites attack discovery by combining human intelligence with machine learning, thereby accelerating the mitigation and remediation processes through automated response technology. The rapid detection and remediation times are primarily the result of:
1. IronSchool, IRONSCALES' user awareness training, puts employees through vigorous gamified simulations of experiential learning.
2. IronSights, IRONSCALES' inline email security technology, visually flags any malicious impersonation/spoofing attempts.
4. Federation, IRONSCALES' real-time actionable intelligence plugin for IronTraps, automatically protects all other IRONSCALES users from ongoing phishing attacks verified by trusted security analysts.
5. Integrations with Sandbox/Multi AV partners, such as Check Point's SandBlast, further help expedite detection times by automating forensics.
D. Majority of Targeted Attacks Bypass Email Filters

THE KEY FINDINGS:
Almost 95% of email phishing attacks were highly-targeted campaigns, with the majority impersonating internal communications teams or individuals (i.e. CEO fraud).
For every 5 brand spoofed attacks identified by spam filters, approximately 20 spear-phishing attacks bypassed the safeguard and went undetected.

Top 10 Most Remediated Departments
[Chart: MOST REMEDIATED DEPARTMENTS. Departments listed: Operations, Finance, Sales, IT, Human Resources, Customer Service, Production, R&D, Logistics, Marketing, Management; horizontal axis: automated remediations, 5% to 35%]
[Chart: brands listed: DHL, Amazon, Paypal, Yahoo, Microsoft, Apple, Vodafone, FedEx]

The Analysis:
Although brand spoofing attacks are on the rise, IRONSCALES sees a low number of these attacks because spoofs are more likely to be picked up by traditional spam filters. However, email impersonations, such as BEC and CEO fraud, are increasingly bypassing traditional email security controls, especially those that target internal executives versus large brands.

Benefits:
IRONSCALES' IronSights automatically discovers, mitigates and remediates impersonation, CEO fraud and brand spoofing attacks that bypass spam filters by inspecting and analyzing all emails at the mailbox level using deep scans and machine learning. Acting as an employee's virtual security analyst, IronSights validates sender reputation and authenticity, while also assessing behavioral patterns in search of anomalies in communications.

All suspicious emails are visually flagged as soon as the email hits the inbox, and a button inside the Outlook toolbar enables instant notification to security teams for further investigation or immediate remediation.
III. DETECTION & REMEDIATION IMPROVEMENT WITH IRONSCALES
[Chart: AUTOMATED REMEDIATIONS OVER THE YEAR 2016. Vertical axis: automated remediations, 0 to 6000; horizontal axis: Q1 to Q4. Series: Detected by company employees (Report button); Detected by employees in other companies; Detected by AV / Sandbox / URL scanning (IronScan)]
IRONSCALES is the leader in anti-email phishing technologies. It is the first and only anti-email phishing provider to combine human intelligence with machine learning to automatically prevent, detect and respond to today's sophisticated email phishing attacks using a multi-layered approach.
IRONSCALES expedites the time from phishing attack to remediation from weeks to seconds, with minimal security team involvement. Headquartered in Raanana, Israel, IRONSCALES was founded by a team of security researchers, IT and penetration testing experts, as well as specialists in the field of effective interactive training, in response to the increasing phishing epidemic that today costs companies millions of dollars annually. It was incubated in the 8200 EISP, the top program for cyber security ventures, founded by alumni of the Israel Defense Forces' elite Intelligence Technology unit.