Human nature is one of the vulnerabilities attackers exploit most, and distractions during a busy workday only compound the issue. A distracted workforce is more likely to click on seemingly legitimate links and email attachments, and there's nothing like a global pandemic to distract people. This is why it is critical to have the right solutions in place to detect and block attacks via malicious emails.
Zero-Trust-focused solutions that leverage machine learning, a subset of artificial intelligence (AI), are great tools for enterprises to stay a step ahead of the bad guys and protect employees who can easily make mistakes – especially when the attacks are sophisticated and the targets are preoccupied.
Spear-Phishing Attacks
A recent Wired article pointed out how prevalent malware-infected documents are in email attacks. "Currently, 56 percent of malware threats against Gmail users come from Microsoft Office documents, and 2 percent come from PDFs," the Wired story noted. "Kits for crafting malicious documents and tailoring them to evade antivirus scanners are readily available in online criminal forums, ranging in price from about $400 to $5,000."
Beyond attacks that leverage malicious links and documents in random spam email operations lies the greater threat of highly targeted and customized spear-phishing attacks. In these cases, attackers leverage everything they have been able to learn about an attractive target and then craft an email attack aimed at tricking someone who works with that target.
Attackers can use numerous means to gather open source intelligence on a target – simply combing social media sites can allow attackers to learn things like the names of direct reports or key associates of a CEO, for instance. Messages that sound credible are then crafted with this specific information, and these sorts of detail-rich spear-phishing emails have a far better chance of being successful in an attack than generic, mass-distributed spam messages.
These spear-phishing emails can appear to be from a trusted source and contain very specific, detailed information, and are used to entice the recipient into clicking on a link to a malicious site or opening a malicious attachment.
Defending Against Spear-Phishing Attacks
How do you defend against these attacks? Solutions that leverage machine learning can stop these kinds of attacks from being successful even when employees are distracted or tricked by specially crafted emails.
BlackBerry® Spark leverages machine learning to analyze any executable based on millions of characteristics that identify a file as being malicious or benign, and then prevents malicious files from executing on an endpoint. This innovative technique renders malware, ransomware, and zero-day attacks ineffective at machine speed.
BlackBerry Spark also provides memory protection. The most common incidents where memory is abused for attacks involve a user browsing a malicious website or opening a malicious document that may come via email. When this happens, the attacker’s code can execute within the memory of the browser or document application without ever using an executable file.
Memory attacks are becoming the threat actor’s favorite tactic precisely because they can be so difficult to detect and block without interfering with routine operations. BlackBerry Spark negates these attacks by proactively identifying and blocking attempts at memory exploitation, and it can also prevent the exploitation of the most common classes of vulnerabilities, such as buffer overflows and use-after-free.
Another feature that BlackBerry Spark offers is script control, which prevents malicious scripts from running on devices. Script control examines the code and the script path to determine if the intent is malicious before the script can be executed.
BlackBerry Spark also secures function-specific devices through application control: an administrator can develop a gold image for any device and apply a global lockdown to ensure the device does not change, which blocks malicious binaries and prevents modification of benign binaries.
Takeaways
Attackers take advantage of our human nature, especially how we behave when receiving or accessing important information from sources we assume to be trusted – they also take advantage of headline-making events like the Covid-19 outbreak.
It’s really important to remember that whether you’re the CEO or just someone trying to stay informed of the latest news on Covid-19, the potential to fall victim to a phishing attack is heightened. Make sure you have the right tools in place to be protected.