Automation in Phishing: Fighting One Automated Industry with Another

Phishing emails have climbed to all-time highs over the past year, increasingly delivering ransomware and other hazardous threats to businesses and enterprises of all sizes. While these companies have been buckling down on anti-virus and other malware protection measures, the cybercriminal industry has been rapidly advancing through the automation of phishing.

Many advanced phishing emails appear realistic and personalized, crafted by cybercriminals using tools similar to those commercial companies use when launching a marketing campaign. Nowadays, cybercriminals also have access to automated tools that can draft emails, conduct A/B testing, and record click-through rates and other relevant data in the same fashion as these marketing campaigns.

One key difference is the source of email addresses. Criminals use engines that monitor and collect addresses from the internet, as well as lists that are available to buy on the dark web. As the phishing field continues to become more sophisticated, more advanced tools will become available for cybercriminals to ensure their campaigns’ success.

Basic-level email automation provides cybercriminals with approximately a five to ten percent success rate. With advancements in machine learning, however, cybercriminals now have the ability to increase their success rate to approximately 30 percent or higher. The drastic difference in success levels is attributed to machine learning’s ability to process data faster and create more targeted emails.

Machine learning programs that are used maliciously are able to better apply social engineering principles and other psychological tricks that cybercriminals may not be educated in. These carefully crafted mass messages now have the ability to specifically target individuals, providing a higher open rate, a higher infection rate and, lastly, a higher ROI for criminals.

Just as many legitimate businesses are shifting data analytics to machine learning platforms, cybercriminals are switching to machine learning as well. The higher level of automation provided by machine learning encourages many newcomers to join the cybercriminal community. Becoming a part of this network has become as easy as downloading a starter kit and running the appropriate programs, after which these individuals can begin making money.

Another mistake many companies make when combatting phishing is to expand employee awareness training programs and malware detection programs. The reliance on threat detection keeps companies vulnerable to the many new attacks that are released almost daily. Phishing campaigns work to install malware and other viruses that are always evolving and are therefore able to evade many popular detection-based cybersecurity software solutions.

In addition, employee awareness programs will always fall short when battling phishing and malware for several reasons:

  1. Even with high-level training, human curiosity will still get the best of us. People are naturally inclined to read emails with catchy subject lines and open files that they aren’t supposed to. Companies can train their employees all they want, but it will only ever filter out the “noise,” or the most poorly constructed phishing emails.
  2. Phishing companies have advanced beyond what can be preventatively taught to employees. Cybercriminals are crafting perfectly legitimate-looking phishing emails and then using machine learning to ensure that the email is opened and their malicious files are installed on the end user’s device. Leaving phishing prevention in the hands of individual employees is like asking a bank teller to prevent theft from an organization of thieves.

So, what can be done?

In the case of cybersecurity, fire must be fought with fire, or in this case, with automation. Companies must seek out and enforce solutions that use automated methods of prevention. One such technology that preventatively protects companies and enterprises of all sizes is Content Disarm and Reconstruction (CDR) technology.

CDR technology processes incoming files, analyzes and breaks down the content structure, then rebuilds a duplicate file with no loss of functionality – all in real time. Through this process, end users are able to receive any file, free of both known and unknown threats, because CDR removes any content that is not approved by the organization.

This process eliminates the guessing game of whether a file-based phishing attack will become successful within an organization because all threats are neutralized before they reach the end user.
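The break-down-and-rebuild step described above can be sketched for one file family, Office Open XML containers. This is an added example, not code from the article or from any CDR product; the `APPROVED` policy, the function names and the sample document are assumptions constructed for illustration.

```python
import io, posixpath, zipfile
import xml.etree.ElementTree as ET  # production code should use a hardened XML parser

# Assumed policy (hypothetical): the only part types this organisation approves.
APPROVED = (".xml", ".rels", ".png", ".jpg", ".jpeg")

def approved(name):
    return name.lower().endswith(APPROVED)

def drop_references(name, body, removed):
    """Delete relationship and content-type entries that point at removed parts."""
    root = ET.fromstring(body)
    ET.register_namespace("", root.tag[1:].split("}")[0])  # keep the default namespace
    base = posixpath.dirname(posixpath.dirname(name))      # word/_rels/x.rels -> word
    for el in list(root):
        ext, ref = el.get("Extension"), el.get("PartName") or el.get("Target") or ""
        path = ref.lstrip("/") if ref.startswith("/") else posixpath.normpath(posixpath.join(base, ref))
        if (ext is not None and not approved("x." + ext)) or path in removed:
            root.remove(el)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def disarm(data):
    """Rebuild the container from approved parts only; return (clean_bytes, removed)."""
    src = zipfile.ZipFile(io.BytesIO(data))
    removed = [n for n in src.namelist() if not approved(n)]
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in (n for n in src.namelist() if n not in removed):
            body = src.read(name)
            if name.endswith(".rels") or name == "[Content_Types].xml":
                body = drop_references(name, body, removed)
            dst.writestr(name, body)
    return out.getvalue(), removed

def build_sample():
    """Constructed input: a minimal macro-enabled document, built in memory."""
    ns = "http://schemas.openxmlformats.org/package/2006/"
    parts = {
        "[Content_Types].xml": f'<Types xmlns="{ns}content-types"><Default Extension="xml" ContentType="application/xml"/><Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>',
        "word/document.xml": "<document>Quarterly report</document>",
        "word/_rels/document.xml.rels": f'<Relationships xmlns="{ns}relationships"><Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/></Relationships>',
        "word/vbaProject.bin": "constructed macro placeholder",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

The rebuilt file is decided by an allowlist rather than by a verdict on the removed part, which is why the approach does not depend on recognising a particular threat.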

We have yet to see the worst of what phishing attacks will eventually become. Machine learning is still in its early phases and phishing will only become more insidious as the technology matures and the process becomes even more automated.

We can rest easy knowing that there are solutions capable of providing protection that truly protects. The war on cybersecurity is far from over, but a shift to threat prevention will allow companies to have a fighting chance against the ever-evolving threats they face.
