“Phishing scams are easy for criminals to run, and quite simply they work,” said Al Himler, senior director of product management at Wombat Security Technologies. Referring to research conducted by his company, he said, “We know that when companies first start working with us, nearly 16 percent of their end users click on simulated phishing emails. Whether you are a company of 10 or 10,000, that is a disturbing number, but very appealing odds for an attacker.”
Attempting to address the bleak reality of phishing emails, Wombat has announced PhishAlarm Analyzer, an email solution that uses machine learning to recognize phishing attacks. To do this, the software-based solution checks emails against different security sources, identifying and prioritizing them for incident response teams.
Himler said that using machine learning technology allows PhishAlarm to become “more effective over time.”
“It's important to remember that the techniques used by hackers and fraudsters are always in flux; attack styles and methods morph and change, becoming more sophisticated and more difficult to trap in email filters,” Himler explained. “PhishAlarm Analyzer continuously pulls data about known attacks, dangerous IP addresses, blacklisted entities and other markers from a multitude of reliable resources. It's always learning and evolving, and it applies that knowledge when scanning and evaluating suspicious messages. Because our algorithms tap into data about real-world threats and attacks seen in the wild, even subtle changes in threats can be detected and communicated to security response teams for more effective remediation.”
The rapidly changing nature of phishing scams isn’t an exaggeration. “Phishing is significantly different now than even 18 months ago. It is much more sophisticated, [the emails] look much more real,” Scott Angelo, chief information officer at K&L Gates, told The American Lawyer. “This is a business for these people, and you have to take the view that you are up against a business. It just happens to be a criminal business.”
The concern about phishing is felt in many industries, law among them. Among the firms responding to the 2015 ALM Legal Intelligence Law Firm Cybersecurity Survey, the majority found phishing to be their greatest security threat (25 percent). Furthermore, Verizon’s 2015 Data Breach Investigations Report found that within a company, legal departments are the most likely to open a phishing email.
Himler noted that his company “saw the same thing” as the Verizon report in its own “State of the Phish” report, which found that those within the telecommunications and professional services industries (which include law departments) had the second highest “click-rate” on phishing emails (23 percent) of those polled.
“If a lawyer opens and clicks on something in a phishing email, they could unknowingly unleash malware on their computer, allowing criminals to collect any of the sensitive data that they have or even their passwords and logins for other secure systems they access,” Himler explained. “Your brain can run wild from there, from the criminal having the ability to remotely access and destroy files, or for them to have the ability to share evidence or private client communications with people that should not have access is a big risk.”
As to why legal departments seem to be more susceptible to phishing scams than others, “our discussions lead to multiple theories ranging from industry maturity, age of the overall workforce, to the fact that some industries may not have suffered as many breaches as others yet, which could mean that users are less aware of the risk,” Himler said. “For us, it is clear that legal departments need to invest in end user training to be sure their population is aware of cybersecurity threats.”
As for how PhishAlarm Analyzer addresses the problem of malicious emails, a statement announcing the release said that by identifying and categorizing emails, the software allows security responders to isolate the infected emails for remediation. After being reviewed against “threat vectors,” emails are ranked by likelihood of risk.
“We are all busy in our jobs each day and get a ton of email to sort through and without being reminded that it could be dangerous – people just click on links and often have no idea that they have done something wrong or compromised their machine and their organization's data,” Himler said. He added that with PhishAlarm Analyzer, “security analysts can quickly and easily dig deeper into the threats associated with the reported email. This is a great timesaver for security professionals who are facing an ever-increasing workload.”
Himler also offered advice on how professionals can improve their chances of avoiding being phished. “First of all, ask yourself, do you really know who is sending the email? Do you recognize the sender and their email address? Does the message contain a ‘call to action’ or convey a sense of urgency? Is the domain in the URL or file name of the attachment related to the content of the message? These are good starting off points, but ultimately, you cannot assume employees understand what the threats are and how to respond appropriately, without the proper tools and knowledge. ... The best way to get reliable, effective participation is to train them about the threats they’re likely to face.”
PhishAlarm Analyzer is currently in its trial phase with Wombat customers and scheduled to be “generally available” in the second quarter of 2016, Wombat said.