Phishing has proven to be a successful, lucrative, and persistent threat vector that does not discriminate by industry or size of an organization. Traditional defensive measures against phishing attacks focus on shutting down the web page. This may address the immediate problem, but is that really a fight? This reaction does little to stop the cybercriminal, who is able to continue launching future attacks.
For us to truly evolve the fight against phishing, we need to combine the traditionally defensive posture with a proactive, aggressive strategy. This shift will allow us to disrupt the phishing supply chain and proactively go after kits and their creators at the distribution level instead of reacting to phishing sites that have been identified one at a time.
Using in-depth, comprehensive intelligence can help us do a better job of fighting phishing instead of reacting to it. If we are able to provide context to threats by understanding where and how they manifest, we are able to better prepare, defend, and prevent future cyberattacks.
On average, PhishLabs collects between four and 25 million spam samples a day. PhishLabs analyzed more than one million confirmed malicious phishing sites in 2015 that resided on over 130,000 domains. We shut down on average about 6,000 phishing attacks every month. PhishLabs is currently tracking more than 90 different threat actor groups.
How does all of this threat intelligence data help us deploy a more aggressive, offensive strategy? If we better understand the threat actors, we will be able to better protect, adapt, and react when cyberattacks occur. Phishing threat actors, through phishing sites and the kits used to create them, essentially provide all of the information that we need in order to defeat them.
We use this information to help with detection, kit clustering and URL pattern analysis. We are able to more quickly confirm malicious threats and get fewer false positives. Many of these phishing kits are made available through social media, like Facebook and YouTube, and then redistributed to a network of threat actors. This system creates a family tree.
When we identify similarities and establish connections, we can cluster kits into families, which, in essence, shrinks the phishing ecosystem as a whole. We also use this information to identify the most significant threat actors and overcome their anti-detection techniques.
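One way to cluster kits into families, as an added example that is not PhishLabs' method or code: it assumes each kit has been reduced to the set of content hashes of its files, and that two kits are related when the Jaccard similarity of those sets meets a threshold. The kit names, hash placeholders and threshold are constructed for illustration.

```python
from itertools import combinations

# Constructed sample data: each kit is the set of content hashes of its files
# (short placeholder strings stand in for real digests).
KITS = {
    "kit_a": {"h01", "h02", "h03", "h04", "h05"},
    "kit_b": {"h01", "h02", "h03", "h04", "h99"},  # kit_a with one file swapped
    "kit_c": {"h01", "h02", "h03", "h98", "h99"},  # derived from kit_b
    "kit_d": {"h20", "h21", "h22", "h23"},
    "kit_e": {"h20", "h21", "h22", "h24"},         # kit_d with one file swapped
    "kit_f": {"h40", "h41"},                       # unrelated kit
}

def jaccard(a, b):
    """Shared files divided by all distinct files across both kits."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def cluster_kits(kits, threshold=0.5):
    """Single-linkage clustering: kits joined by a chain of similar pairs
    land in the same family, even if the endpoints differ a lot."""
    parent = {name: name for name in kits}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x

    for a, b in combinations(sorted(kits), 2):
        if jaccard(kits[a], kits[b]) >= threshold:
            parent[find(b)] = find(a)      # merge the two families

    families = {}
    for name in sorted(kits):
        families.setdefault(find(name), []).append(name)
    return sorted(families.values())

if __name__ == "__main__":
    for family in cluster_kits(KITS):
        print(family)
```

Here kit_a and kit_c fall below the threshold when compared directly, yet they share a family through kit_b, which is how a chain of redistributed and modified kits shows up in the data.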
Want to learn more about the techniques used to detect and mitigate phishing attacks? Watch the on-demand webinar Intelligence-Driven Detection & Mitigation: Evolving the Fight Against Phishing.
In this webinar, you will learn:
- The steps taken to disrupt and mitigate phishing sites
- How PhishLabs uses intelligence to proactively fight back and improve the prevention of targeted phishing attacks
- What we can do to better solve the phishing epidemic
Crane Hassold, Senior Security Threat Analyst, PhishLabs