As phishing attacks grow increasingly sophisticated, it has become more and more difficult for users to identify a ‘phish’. Attackers employ a range of convincing techniques to lure in potential victims, and the consequences to an organization can be catastrophic.

A couple of mistaken clicks can clear a bank account, or even put an enterprise at risk of a data breach. With that in mind, how would you react if we told you that a new ‘secure’ phishing site is created once every two minutes?

The evolution of phishing

Social engineering techniques have long been part of the cyber criminal’s repertoire. The earliest incidents of phishing transpired over twenty years ago when email was the preferred vehicle of attack. ‘Phishers’ would cast their nets far and wide with rudimentary techniques to encourage victims to part ways with their PII.
Realizing that email was a breeding ground for cyber threats, organizations responded by enlisting email-focused security solutions to protect data, revenue and reputation. Fast forward a couple of decades and the proliferation of mobile technology has dramatically changed the phishing landscape.
Wandera’s recent research revealed that 81% of mobile phishing attacks occur outside of email with apps, messaging services, and websites being the most attractive targets.
Download full report
Mobile features a number of unique characteristics that make it a particularly fertile ground for phishing attacks; from limited screen size, making it more difficult to inspect suspicious URLs, to the on-the-go nature of the device encouraging users to be less cautious.
How can you detect and protect your enterprise against attacks that are diversifying and growing more convincing by the day? MI:RIAM has the answer.

Machine learning with MI:RIAM

Wandera’s advanced real-time machine learning engine, MI:RIAM, is powered by mobile device data from over two billion daily inputs. The advanced technology continuously analyzes vast feeds of information to detect and respond to new insights regarding malicious sites and other potential threats.
Combined with insight from Wandera’s threat intelligence team, MI:RIAM inspects URLs to identify if they’re malicious using advanced phishing detection techniques.
As part of Wandera’s quest to proactively monitor emerging threats, MI:RIAM crawls all newly registered domains, looking for signs of malicious intent. Contextual data such as brand names in use or URL paths can provide valuable insights into the risk posed by a newly published webpage.
If anything unusual is flagged, Wandera’s threat detection model can act fast and block the site at its root before an attacker has the chance to act.

HTTPS = trust?

SSL certificates are a way of digitally certifying the identity of a website. They inform the user that their personal information has been encrypted into an undecipherable format that can only be returned with the proper decryption key.
Countless cybersecurity campaigns advocate encryption and tell us that HTTPS sites are the ones to trust, so what’s the problem? Well, that’s exactly it. We perceive HTTPS sites to be secure, so we’re less likely to suspect a ‘phish’. However, with sites like making it easier to gain SSL certification, cybercriminals are using this to their advantage.
MI:RIAM analyzed certificate registration events across the globe and out of these supposedly secure domains, an average of 30 phishing sites and a further 18 suspicious URLs are detected every hour.  That’s a new “secure” phishing site every 2 minutes. 
In a particularly bad 24 hour period, Wandera discovered over 1150 new HTTPS phishing sites. And that is not including the plethora of the malicious HTTP phishing URLs that we already know exist. 
Why is this so concerning? Because it marks a new generation of sophisticated cyber attack. These highly convincing phishing techniques are making it even more difficult for users to recognize the risk.

What does an attack look like?

As part of the identification process, MI:RIAM captures the source of the link for the threat team to investigate further, if needed. As you can see below, it’s difficult to differentiate the phishing site from the real thing.

Phishing site examples

50% of malicious URLs in the sample were impersonating Apple, presumably hoping that targets would be seduced by the name and disclose their credentials. Other attackers emulated the login screens of Amazon, WhatsApp and Netflix.

How to prevent phishing within your enterprise

There’s no simple answer to combat the ever-growing threat caused by phishing. Part of the issue is education, and part of it is infrastructure.
The fact that malicious HTTPS sites are being detected means it’s even harder for app-centric security solutions to realize that important data has been given to a phishing site, as the data is encrypted. It’s imperative for organizations to have full visibility into where their data is being sent if an employee takes the bait.
Wandera has built the only technology that can automatically detect, alert and block traffic to mobile phishing sites in real-time. The Secure Mobile Gateway provides admins with full visibility into all the data being sent to and from the device at all times, preventing attackers from getting their hands on your personal information.
If you’d like more information about how to protect your enterprise against phishing attacks, book an appointment with one of our mobility experts.