The world’s top companies use wandera Learn Why Try Wandera for Free

MI:RIAM: new ‘secure’ phishing site is created every two minutes

MI:RIAM: new ‘secure’ phishing site is created every two minutes

1600 1200 Nell Campbell

As phishing attacks grow increasingly sophisticated, it has become more and more difficult for users to identify a ‘phish’. Attackers employ a range of convincing techniques to lure in potential victims, and the consequences to an organization can be catastrophic.

A couple of mistaken clicks can clear a bank account, or even put an enterprise at risk of a data breach. With that in mind, how would you react if we told you that a new ‘secure’ phishing site is created once every two minutes?

The evolution of phishing

Social engineering techniques have long been part of the cyber criminal’s repertoire. The earliest incidents of phishing transpired over twenty years ago when email was the preferred vehicle of attack. ‘Phishers’ would cast their nets far and wide with rudimentary techniques to encourage victims to part ways with their PII.

Realizing that email was a breeding ground for cyber threats, organizations responded by enlisting email-focused security solutions to protect data, revenue and reputation. Fast forward a couple of decades and the proliferation of mobile technology has dramatically changed the phishing landscape.

Wandera’s recent research revealed that 81% of mobile phishing attacks occur outside of email with apps, messaging services, and websites being the most attractive targets.

Download full report

MI:RIAM.

Mobile features a number of unique characteristics that make it a particularly fertile ground for phishing attacks; from limited screen size, making it more difficult to inspect suspicious URLs, to the on-the-go nature of the device encouraging users to be less cautious.

How can you detect and protect your enterprise against attacks that are diversifying and growing more convincing by the day? MI:RIAM has the answer.

Machine learing with MI:RIAM

Wandera’s advanced real-time machine learning engine, MI:RIAM, is powered by mobile device data from over two billion daily inputs. The advanced technology continuously analyzes vast feeds of information to detect and respond to new insights regarding malicious sites and other potential threats.

Combined with insight from Wandera’s threat intelligence team, MI:RIAM inspects URLs to identify if they’re malicious using advanced phishing detection techniques.

As part of Wandera’s quest to proactively monitor emerging threats, MI:RIAM listens to a live-stream of SSL certification registration events published across the web. Using this, MI:RIAM can extract information about new domains and websites in real-time.

If anything unusual is flagged, Wandera’s threat detection model can act fast and block the site at its root before an attacker has the chance to act.

MI:RIAM

HTTPS = trust?

SSL certificates are a way of digitally certifying the identity of a website. They inform the user that their personal information has been encrypted into an undecipherable format that can only be returned with the proper decryption key.

Countless cybersecurity campaigns advocate encryption and tell us that HTTPS sites are the ones to trust, so what’s the problem? Well, that’s exactly it. We perceive HTTPS sites to be secure, so we’re less likely to suspect a ‘phish’. However, with sites like letsencrypt.org making it easier to gain SSL certification, cybercriminals are using this to their advantage.

In one hour, MI:RIAM analyzed certificate registration events across the globe and out of these supposedly secure domains, MI:RIAM detected 30 phishing sites and flagged a further 18 URLs as suspicious.

Wandera continued to conduct this research this for a 24 hour period and discovered over 1150 new HTTPS phishing sites a day. And that is not including the plethora of the malicious HTTP phishing URLs that we already know exist. 

Why is this so concerning? Because it marks a new generation of sophisticated cyber attack. These highly convincing phishing techniques are making it even more difficult for users to recognize the risk.

What does an attack look like?

As part of the identification process, MI:RIAM captures the source of the link for the threat team to investigate further, if needed. As you can see below, it’s difficult to differentiate the phishing site from the real thing.

Phishing site examples

MI:RIAM

50% of malicious URLs in the sample were impersonating Apple, presumably hoping that targets would be seduced by the name and disclose their credentials. Other attackers emulated the login screens of Amazon, WhatsApp and Netflix.

How to prevent phishing within your enterprise

There’s no simple answer to combat the ever-growing threat caused by phishing. Part of the issue is education, and part of it is infrastructure.

The fact that malicious HTTPS sites are being detected means it’s even harder for app-centric security solutions to realize that important data has been given to a phishing site, as the data is encrypted. It’s imperative for organizations to have full visibility into where their data is being sent if an employee takes the bait.

Wandera has built the only technology that can automatically detect, alert and block traffic to mobile phishing sites in real-time. The Secure Mobile Gateway provides admins with full visibility into all the data being sent to and from the device at all times, preventing attackers from getting their hands on your personal information.

If you’d like more information about how to protect your enterprise against phishing attacks, book an appointment with one of our mobility experts.

Is mobile phishing the biggest mobile security risk?

Phishing is not only far more prevalent than you might think, but it has also become a major security threat on mobile devices, not just desktop. Find out where phishing attacks are happening, in which apps, and on what operating systems.

Download now