Reduce Your Odds of Getting Snared in the Phishing Net

Phishing is one of the most significant security challenges companies face today, and it has become even more challenging with sophisticated and evasive tools accessible to threat actors of all skill levels. In addition to phishing attacks becoming more difficult to prevent, the attack surface has significantly widened. Today, work is done anywhere there’s an internet connection, providing attackers ample opportunities to breach organizations at scale.

These factors mean phishing will continue to be among a cybercriminal’s preferred methods for gaining illicit access to an organization’s network. According to Palo Alto Networks’ 2022 Unit 42 Incident Response Report, the three attack vectors of phishing, exploitation of known software vulnerabilities, and brute-force credential attacks represented 77% of successful network intrusions. Phishing alone accounted for 37% of those intrusions.

You can’t protect yourself from threats you can’t see or understand, meaning it is critical to have the right tools to keep you safe. Let’s take a closer look at what phishing is and the most common ways cybercriminals execute these attacks today. We will also take a look at the new Cloud Secure Web Gateway (SWG) technologies available in Prisma Access that can help protect your organization from the latest phishing techniques attackers are using to infiltrate your network.

What’s inside the phishing tackle box

First, a quick primer on what phishing is. It is the fraudulent practice of sending communications, which could be an email, SMS message, or phone call, that appear to be from reputable sources to trick individuals into revealing sensitive information or even installing malware onto a device. The goal is to steal sensitive information that can be used to commit fraud or other malicious activities.

Today’s phishing attacks are quite sophisticated and hard to detect. There are three methods attackers are increasingly using to launch these phishing attacks, and they have all the tools and resources they need in their phishing tackle box to accommodate the following tactics:

  1. Software-as-a-Service (SaaS) Platform Phishing
  2. Man-in-the-Middle (MitM) Phishing
  3. Phishing Kits

Let’s take a closer look at each of these.

1. SaaS Platform Phishing

Instead of creating phishing pages from scratch, attackers will leverage legitimate SaaS platforms, including various website builders or form builders, to host their phishing pages. Furthermore, these platforms require little to no coding experience, lowering the barrier to entry for creating and launching phishing attacks. Since these platforms have a good reputation and are recognized as safe by users, it is difficult not only for security vendors but also for end users to detect these attacks.

2. MitM Phishing

These attacks use a reverse-proxy server to relay the original login page to the user but steal login credentials as people authenticate. MitM attacks are capable of breaking two-factor authentication and avoiding many content-based phishing detection engines, making the threat invisible to clients and ultimately harder to detect. Attackers can steal or scrape credentials like session tokens, passwords, cookies, or whatever the site is using for authentication, in order to gain unauthorized access to a victim’s account.

3. Phishing Kits

Phishing kits may be considered a novice attacker’s tackle box of choice. These are ready-to-deploy packages that require the bare minimum effort to use, with everything an inexperienced attacker would need to deploy an attack, including usage instructions. When deployed, phishing kits generate copies of websites or send millions of emails representing well-known brands and companies, allowing adversaries to rapidly launch attacks in volume to various targets.

New Cloud SWG functionality helps keep you out of phishing nets

Cloud SWG within Prisma Access includes Advanced URL Filtering, the only web security engine to stop unknown and highly evasive web-based threats in real time. It is introducing new machine learning (ML)-powered detection models to prevent advanced phishing attacks leveraging SaaS platforms, Man-in-the-Middle techniques, and phishing kits.

SaaS platform phishing protections. With the increasing popularity of using SaaS platforms to launch modern phishing attacks, it is becoming more challenging for traditional security scanners to identify and stop these threats. According to Palo Alto Networks’ Unit 42 team, from June 2021 to June 2022, the rate of newly detected phishing URLs hosted on legitimate SaaS platforms has increased by over 1100%, showing that this technique is becoming more common.

The new SaaS platform phishing detection capabilities within Advanced URL Filtering analyze both URLs and page content to detect and prevent phishing attacks using legitimate SaaS platforms that would not be identified otherwise, all in real-time.

MitM phishing prevention. Advanced URL Filtering in Cloud SWG protects against MitM phishing attacks using new ML-powered detection models that perform real-time web page analysis and look at various attributes of HTTP headers that leave subtle signatures, while also identifying if traffic is going through a compromised proxy. With these cutting-edge capabilities, customers can prevent patient zero.

Phishing kit detection. With phishing kits giving attackers of all skill levels the ability to launch advanced attacks in volume, it is crucial for organizations to have the right tools equipped with advanced capabilities that can quickly identify and block pages built by these phishing kits.

With its new phishing kit detection capabilities, Advanced URL Filtering utilizes kit source code fingerprints and directory attributes to generate unique signatures that can then train its detection models to quickly identify when a page has been built with these kits. This allows us to isolate and identify the significant number of subsequent phishing pages built from the same source in real time.
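As an added illustration of the fingerprinting idea (not Palo Alto Networks' code, and not the algorithm Advanced URL Filtering actually uses), the Python below hashes a page's tag skeleton and kit-local file paths while ignoring visible text, so differently branded pages built from one kit share a signature. The sample pages, file paths and the kit label are constructed for the example.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class Skeleton(HTMLParser):
    """Collects tag structure and relative resource paths; visible text is ignored."""
    def __init__(self):
        super().__init__()
        self.tokens = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        token = tag
        if tag == "input":  # form field layout is stable across rebranded copies
            token += ":" + (a.get("type") or "text") + ":" + (a.get("name") or "")
        for key in ("src", "href", "action"):
            ref = a.get(key)
            if ref and not urlparse(ref).netloc:  # kit-local file, not a CDN URL
                token += "|" + urlparse(ref).path
        self.tokens.append(token)

def kit_fingerprint(html):
    """Return a short signature of the page's structure and directory layout."""
    parser = Skeleton()
    parser.feed(html)
    parser.close()
    return hashlib.sha256("\n".join(parser.tokens).encode()).hexdigest()[:16]

def match_known_kit(html, known):
    """Look the page's fingerprint up in a {fingerprint: kit label} mapping."""
    return known.get(kit_fingerprint(html))

# Constructed sample pages: A and B come from the same hypothetical kit.
KIT_PAGE_A = """<html><head><title>Example Bank Sign In</title>
<link rel="stylesheet" href="assets/css/login.css"></head>
<body><form action="process/post.php" method="post">
<input type="text" name="usr"><input type="password" name="pwd">
<button>Sign in</button></form>
<script src="assets/js/validate.js"></script></body></html>"""
KIT_PAGE_B = (KIT_PAGE_A.replace("Example Bank Sign In", "Sample Mail Login")
              .replace("Sign in", "Continue"))
BENIGN_PAGE = """<html><head><title>Intranet</title></head><body>
<form action="/login" method="post"><input type="email" name="email">
<input type="password" name="password"></form></body></html>"""

KNOWN = {kit_fingerprint(KIT_PAGE_A): "constructed-kit-1"}
if __name__ == "__main__":
    print(match_known_kit(KIT_PAGE_B, KNOWN), match_known_kit(BENIGN_PAGE, KNOWN))
```

An exact hash like this breaks as soon as a kit author reorders or adds a tag, which is why production systems feed such features into trained models rather than relying on equality.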

Use Cloud SWG to help protect your organization from phishing attacks

Check out our on-demand virtual launch event and resources page to learn how the new Cloud SWG capabilities in Prisma Access can prevent today’s most advanced phishing attacks.