author photo
By Kenneth Moras
Fri | Aug 9, 2024 | 5:18 AM PDT

In today's digital age, phishing has evolved into a sophisticated threat capable of deceiving even the most technically savvy individuals. No longer confined to suspicious emails, phishing now encompasses voice-based attacks (vishing), text-based scams (smishing) automated with phishing kits, and deepfake technologies. The common thread among most of these attacks is the web browser, as enterprise employees often interact with malicious content displayed there. This shift necessitates a proactive and technology-driven approach to cybersecurity.

Phishing tactics have grown increasingly sophisticated over the years. Initially, phishing attempts were relatively easy to spot, characterized by poorly written emails and obvious spelling errors. However, the advent of advanced technologies such as artificial intelligence (AI) has allowed cybercriminals to create highly convincing phishing attempts in various languages that can deceive even the most vigilant users.

Real-world recent examples of advanced phishing and social engineering attacks

To understand the severity of the current phishing landscape, let's delve into some real-world examples.

  1. KnowBe4 Incident: KnowBe4, a company specializing in cybersecurity training, fell victim to an elaborate scheme involving a fake IT worker. This incident underscores that even companies at the forefront of cybersecurity are not immune to sophisticated phishing attacks.
  2. Tech Executive Scam: A high-profile tech executive was tricked into transferring a significant amount of money to fraudsters using spear phishing techniques. This case highlights how cybercriminals target specific individuals by using data available using OSINT.
  3. LastPass Impersonation: An employee at a well-known tech company received multiple communications, including an audio deepfake of their CEO. This sophisticated attack used deepfake technology to create a convincing impersonation, demonstrating the lengths to which cybercriminals will go to deceive their targets.
  4. Finance Worker Scam: A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call, according to Hong Kong police.

These examples illustrate the evolving nature of phishing attacks and the necessity for advanced technological defenses.

Technological solutions to combat phishing

Given the sophistication of modern phishing attacks that are executed at scale using phishing kits, traditional security measures are no longer sufficient. Organizations must adopt advanced technological solutions to stay ahead of cybercriminals. Here are few promising technologies.

1. Locally running fine tuned Large Language Models (LLMs)

One promising technology is locally running fine tuned LLMs capable of analyzing audio calls and images in real-time. These models can detect anomalies and provide timely prompts to users, warning them of potential fraud. By leveraging advanced natural language processing (NLP) and image recognition capabilities, these systems can identify subtle cues that might indicate a phishing attempt.

Google has made significant strides in this area, demonstrating how locally running LLMs can identify phishing attempts during voice calls by analyzing speech patterns and content. For instance, if an employee receives a call from someone impersonating a CEO, the LLM can detect inconsistencies in speech patterns, tone, and language use, alerting the employee to potential fraud.

Benefits of locally running LLMs

  1. Real-Time Analysis: These models can analyze data in real-time, providing immediate alerts to potential threats while processing sensitive data on end user devices.
  2. Advanced Detection Capabilities: By leveraging NLP and image recognition, LLMs can identify subtle cues that traditional security measures might miss.
  3. Enhanced User Awareness: By providing timely alerts, these models can help educate users about potential threats or scams, enhancing overall security awareness.

2. Browser security solutions

DNS security solutions play a critical role in filtering out harmful content before it reaches the user by preventing access to known malicious domains. However, phishing attacks that utilize trusted domains can bypass these filters. Browser security solutions add an additional layer of protection by analyzing web content and behavior in real-time, identifying threats that have slipped past DNS filters.

Browser security solutions, often deployed as a web browser extension coupled with a SaaS application, play a crucial role in mitigating phishing risks. These solutions analyze site content, web scripts, and Document Object Model (DOM) elements to assess risk. By evaluating the context and behavior of web interactions, browser security solutions empower users to make informed decisions by nudging them or giving them a reason to pause by providing real-time warnings or guidance, thereby enhancing the organization's overall resilience.

Phishing attacks have expanded beyond emails and now thrive within the browser. Traditional security measures often fail to detect these sophisticated threats. Browser security solutions can intercept phishing attempts at the point of click, safeguarding users before any damage occurs. These solutions also allow enterprises to define specific criteria for malicious activity, such as blocking newly registered domains or browser in the browser attacks.

Benefits of browser security solutions

Phishing attacks often exploit vulnerabilities within the browser environment. As users interact with various web-based applications and content, they become susceptible to sophisticated phishing attempts that traditional security measures may not detect. Browser security solutions provide several critical benefits.

  1. Contextual Analysis: These solutions analyze the content and behavior of web interactions, providing a comprehensive understanding of potential threats.
  2. Real-Time Protection: By intercepting phishing attempts at the point of click, browser security solutions can prevent users from engaging with malicious content.
  3. Customizable Security Policies: Enterprises can define specific criteria for malicious activity, tailoring their defenses to their unique security needs.

Source: keepaware.com

Browser security solutions can:

  • Block Access to High-Risk Websites: These solutions can block access to websites hosted in high-risk countries or newly registered domains, which are often associated with malicious activity.
  • Detect and Block Phishing Kits: As an example, support scams often employ predictable tactics, such as making the webpage fullscreen to simulate a locked computer, playing alarming audio, or displaying false IP information. Browser security solutions can recognize these patterns by performing deep DOM and browser property inspection and block such phishing kits, preventing users from downloading malicious software.
  • Isolate Suspicious Sites: Sites with typosquatting domain names can be blocked, preventing users from engaging with potentially harmful content. Rules can be written within the browser security solutions to block similar-looking domains. For example, if Okta is being used as an IAM provider, various combinations of similar-looking domains pertaining to your organization can be blocked by writing specific rules within the browser security solution.
  • Prevent Data Leakage: By preventing the copying of sensitive data to public AI systems or unauthorized cloud services, browser security solutions can mitigate data leakage risks. Various specific rules can be written, for example, preventing copying and pasting source code or sensitive data (e.g., Social Security numbers) to ChatGPT by writing these rules within the browser security solution. Due to the deep context on the browser profiles, these solutions can be used to write smart patterns where DLP rules allow data uploads to corporate Google Drive but block uploads to personal Google Drive. The flexibility in writing specific DLP rules is endless due to the strategic place where browser security products operate.

    Source: keepaware.com

  • Detect Brand Impersonation: Using optical character recognition (OCR) technology, these solutions can detect and block sites impersonating other brands, preventing phishing attacks that rely on brand spoofing. Various support scams impersonate well-known brands such as Apple, Microsoft, Okta, etc., and these rules, when embedded within browser security solutions, can effectively block or warn users before interacting with such content.
  • Control Malicious Browser Extensions: Browser security solutions can control and block malicious browser extensions, preventing them from exfiltrating sensitive data.

3. Combating deepfake with deepfake technology for good

The same deepfake technology, while mostly associated with malicious activities, can also be used for good especially for various training use cases. Conducting regular vishing awareness simulations—like demonstrating deepfake AI-generated recording calls from the CEO (with their consent, of course)—during onboarding or annual security training can drive home the importance of vigilance. These scenarios should be realistic and tailored to your organization, emphasizing the need for strict adherence to security protocols. Using AI for effective training is a great use case of using deepfake technologies to combat the risks stemming from deepfakes.

Example illustration demonstrating the ease of creating realistic trainings using AI

Benefits of using deepfake technology for training

  • Realistic Simulations: Deepfake technology can create highly realistic simulations, making training exercises more impactful.
  • Increased Awareness: By exposing employees to realistic scenarios, these simulations can enhance overall awareness and vigilance.
  • Tailored Training: Organizations can tailor these simulations to their specific needs, ensuring that employees are prepared for the types of threats they are most likely to encounter.

Key takeaways

Phishing tactics are continuously evolving, leveraging trusted domains and sophisticated techniques. Traditional security measures alone are insufficient. Integrating browser security solutions provides the necessary visibility and control at the point of attack—the web browser. Organizations must adopt these advanced technologies to stay ahead of evolving threats and protect their sensitive information.

Phishing risks require a multifaceted approach that leverages advanced technologies like locally running LLMs and browser security solutions. By integrating these tools and enhancing security awareness training, organizations can build a robust defense against sophisticated phishing threats and ensure a safer digital environment for their employees.

Organizations must adopt a proactive and technology-driven approach to cybersecurity, regularly updating their protocols, investing in continuous training, and implementing a multi-layered security strategy. By doing so, they can build a robust defense against the ever-evolving threat of phishing, ensuring a safer digital environment for their employees and protecting their sensitive information.

This comprehensive approach, along with deploying phishing resistant authentication, not only mitigates current phishing risks but also prepares organizations to tackle future challenges, staying one step ahead of cybercriminals.

Comments