To decrease the chances of being detected and to gain more time before their phishing scam is exposed and blocked by response organizations, attackers use multiple evasion techniques. And they continue to be creative about it!
Tracking these techniques closely, we see a variety of them. Here are a few evasion techniques that help phishing attacks bypass security solutions:
Mobile only – the link directs to the malicious webpage only if browsing from mobile devices, leveraging the fact that mobile devices are less secure than desktops and that users may pay less attention when browsing from their mobile.
Timers before redirecting – the attack waits a few seconds before redirecting to the malicious link in order to evade security solutions that run for a limited timeframe.
Button automation – the redirection to the malicious page happens only after the user clicks a button that verifies that the user is a real person. Security solutions don’t click it and therefore don’t “get to see” the malicious page and can’t detect the link as malicious.
Captcha defender – just like the simple button automation, the victim is redirected to the malicious URL only after clicking a captcha or a reCAPTCHA and being identified as a real person. Here again – if the security tool can’t access the malicious page, it definitely can’t detect it as malicious.
These techniques and others reduce security solutions’ effectiveness, making it almost impossible to prevent phishing attacks.
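A scanner-side check for the four gating techniques listed above, as an added example that is not BitDam's code: it inspects a fetched landing page and, when it finds a timer, captcha, click-through button or mobile-only branch, reports the scan as inconclusive instead of clean, because only the decoy page was seen. The function names, regex heuristics, the 2-second dwell default and the sample pages are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Heuristic patterns (assumptions for this example; tune against real traffic).
JS_NAV = (r"(?:window\.|document\.|top\.)?location(?:\.href)?\s*="
          r"|location\.(?:replace|assign)\s*\(")
TIMER_NAV = re.compile(r"setTimeout\s*\([\s\S]{0,300}?(?:" + JS_NAV +
                       r")[\s\S]{0,300}?,\s*(\d+)\s*\)")
CAPTCHA = re.compile(r"captcha", re.I)
MOBILE_TOKENS = re.compile(r"Android|iPhone|iPad|Mobi", re.I)


class _PageFacts(HTMLParser):
    """Collects the page features the gate heuristics look at."""

    def __init__(self):
        super().__init__()
        self.meta_refresh = []  # (delay_seconds, target)
        self.captcha = []       # evidence strings
        self.click_nav = []     # tags whose onclick handler navigates
        self.scripts = []       # inline script bodies
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.match(r"\s*(\d+)\s*;\s*url\s*=\s*(.+)", a.get("content", ""), re.I)
            if m:
                self.meta_refresh.append((int(m.group(1)), m.group(2).strip()))
        if tag in ("script", "iframe") and CAPTCHA.search(a.get("src", "")):
            self.captcha.append(a["src"])
        if "g-recaptcha" in a.get("class", "") or "h-captcha" in a.get("class", ""):
            self.captcha.append("widget class=" + a["class"])
        if re.search(JS_NAV, a.get("onclick", "")):
            self.click_nav.append(tag)
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def detect_gates(html, dwell_seconds=2.0):
    """Return {gate_name: evidence} for each evasion gate found on the page."""
    facts = _PageFacts()
    facts.feed(html)
    facts.close()
    js = "\n".join(facts.scripts)
    gates = {}
    delays = [d for d, _ in facts.meta_refresh if d > 0]
    delays += [int(ms) / 1000 for ms in TIMER_NAV.findall(js)]
    if delays:
        # A redirect that fires after the scanner stops watching is never followed.
        gates["timer"] = {"max_delay_s": max(delays),
                          "outlasts_scanner": max(delays) >= dwell_seconds}
    if facts.captcha:
        gates["captcha"] = facts.captcha
    if facts.click_nav:
        gates["button"] = facts.click_nav
    if "navigator.userAgent" in js and MOBILE_TOKENS.search(js) and re.search(JS_NAV, js):
        gates["mobile_only"] = True
    return gates


def verdict(html, content_looks_clean=True, dwell_seconds=2.0):
    """A gated page that looks clean is 'inconclusive', never 'clean'."""
    gates = detect_gates(html, dwell_seconds)
    if gates and content_looks_clean:
        return "inconclusive: re-scan past " + ", ".join(sorted(gates))
    return "clean" if content_looks_clean else "malicious"


# Constructed sample pages (not captured from any real campaign).
SAMPLE_TIMER = """<html><head>
<meta http-equiv="refresh" content="6; url=https://next.example.invalid/">
</head><body>Loading...</body></html>"""
SAMPLE_CAPTCHA = """<html><body>
<script src="https://www.google.com/recaptcha/api.js"></script>
<form action="/continue" method="post">
<div class="g-recaptcha" data-sitekey="CONSTRUCTED-SITE-KEY"></div></form>
</body></html>"""
SAMPLE_BUTTON = """<html><body>
<button onclick="location.href='/view'">View files</button></body></html>"""
SAMPLE_MOBILE = """<html><body><script>
if (/Android|iPhone/i.test(navigator.userAgent)) { location.replace("/m"); }
</script></body></html>"""
SAMPLE_PLAIN = "<html><body><h1>Quarterly report</h1><p>See attached.</p></body></html>"

if __name__ == "__main__":
    for name in ("TIMER", "CAPTCHA", "BUTTON", "MOBILE", "PLAIN"):
        print(name, "->", verdict(globals()["SAMPLE_" + name]))
```

An "inconclusive" result is the cue to re-scan with a longer dwell time, a mobile user agent or an analyst-driven browser rather than to deliver the message.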
Evade with a click of a captcha
In the past couple of weeks our researchers identified a drastic increase in the number of attacks using a captcha defender to get past security tools. And guess what, these phishing attacks indeed bypassed leading Secure Email Gateway (SEG) solutions and even Advanced Threat Protection products including Office ATP and Proofpoint TAP.
The prevalence of this technique seen among BitDam’s customers grew by hundreds of percent in the past couple of weeks, compared to the previous two weeks. Scanning all attacks from various feeds, we’ve observed the same trend in these feeds as well, leading us to the conclusion that this was added to popular phishing kits.
It starts with what seems like an innocent email. Here is one example of a subject line: “New Sharedfile Received for BRAND”. When opened, the email appears to contain several attachments, and the user is asked to click a button to view them, with the message “BRAND uses Outlook Files to share documents securely”. Clicking it would lead to a captcha page that looks like this:
The next page would be the actual phishing URL. For example:
By now, you are probably wondering how common this technique is and who the target victims are. So…it is more common than you would imagine. We saw it targeting most of our customers, which range from small and medium businesses to enterprises with many thousands of users from various industries and locations. This evasion technique was used in phishing attempts in Europe, North America and the Middle East. The attacks were almost always delivered via email.
Perhaps the most interesting thing about the attacks that BitDam prevented among its customer base was that all of them were leading to fake Microsoft login pages. As you can see in these screenshots, they varied in their graphics, but Microsoft remains the number one target with hackers desiring to steal Microsoft user credentials.
What can we do about it?
Assuming you don’t want to be the next victim, I would start by checking if your email security vendor detects such attacks. You can simply register for BitDam Lucky Meter, which will send you the most recent phishing (and malware) attacks as soon as they are released to the wild, and provide you with a simple dashboard so you can easily know what bypassed your current email security. BTW – it’s totally free.
Of course, you should never enter your credentials into unknown websites, but that tip is pretty outdated. Everyone knows they shouldn’t click suspicious links but somehow there are more successful phishing scams every day. This means someone does click them, right?
However, if you do come across a URL that you aren’t sure about and would like to scan for phishing before going on, you can always use this online phishing scanner that will give you a verdict in no time, letting you know if the link is a phishing scam.
CISOs Panel Discussion: Securing Remote Collaboration During a Pandemic
Liron Barak, CEO of BitDam interviews three CISOs from across the globe in this unique panel discussion. A common theme between all of our panelists is how to face the ‘new normal’ of remote working with the rise of cyber threats. These security experts dive into their organizations’ plans of attack on how to become quick and effective adaptors to these new security challenges. Read the transcript below!
LB: Good morning and good afternoon! Thank you for joining the panel discussion on securing remote collaboration during the pandemic. My name is Liron Barak. I’m the CEO and Co-founder at BitDam, but I’m the least interesting person here. Today we have three special guests that I’m honored to host.
We have Michael Sherwood, the Chief Innovation Officer at the city of Las Vegas, joining us from Nevada. We also have Norman McKeown, the Head of IT at LSH Auto UK Limited, the UK’s leading Mercedes Benz retailer with over 143 Mercedes Benz dealerships worldwide, and last but not least Daniel Baird, who is the Group Head of IT of Graham’s Family Dairy, all the way from Scotland.
Welcome guys! Thanks for joining us for this session. We’re planning to have an open conversation today talking about what it’s like to be in charge of IT security when things are crazy, everywhere, but especially when it comes to IT and cybersecurity. Let’s start off with a little bit about the background of each of you and the organization you represent. Daniel why don’t we start with you.
DB: Yes, I’m the Group Head of IT at Graham’s Family Dairy. We’re a family run business, operating since 1939, supplying milk, cream, ice cream and butter, to over 7,000 customers UK wide and internationally. I’ve been in the role here for approximately five years and looking after everything from IT Security through two to one connectivity in ERP solutions. So it’s a busy job. Prior to Graham’s, I was Managing Director of an MSP doing cloud consultancy primarily and Office365 consultancy. I’ve become a bit of the gamekeeper turned poacher.
NM: I’m Norman McKeown, the Head of IT for LSH Auto in the UK. We are one of the largest Mercedes dealer groups locally. I’ve been lucky enough to do this role for about four years, touching pretty much anything a cable touches, from infrastructure, to telephony, to CCTV systems, all falling under my role. It’s been a whirlwind since we launched the company in the UK. Prior to that, I did a short stint at the Siemens Power Generation Services and before that I was over 17 years at PSA. I’ve worked on the manufacturer side of automotive; I’m gatekeeper turned poacher, having now moved onto the retail and dealer side. So it’s been a good four years and plenty more to keep me busy.
MS: I guess I’ll go now. I’m Michael Sherwood, the Chief Innovation Officer for the City of Las Vegas. I don’t think any introduction needs to be done for Las Vegas, we’re an entertainment destination where you come to have fun. I’ve been here for roughly five years, like many of the other individuals on the call I oversee everything from cable infrastructure, CCTV, all basic systems. Anything technology based or that plugs into a wall for the most part falls under our purview. I’m very proud to work here. Very happy to be in this community in the great state of Nevada and it’s an honor to be here with all of you today with such esteemed colleagues. When it comes down to it security and protecting our digital assets is our number one priority. Now as more and more of the city in the community relies on technology, protecting those assets becomes increasingly important.
LB: Thank you guys. Why don’t we start with some tough questions? It will be interesting to hear what were your top information security challenges during the pandemic?
NM: I would say the automotive industry certainly in the UK was one of the more challenging divisions that had to move to remote working at home. It’s not something we traditionally do in the car industry. People come in and they want to walk in, touch the metal and buy the cars. So whilst the majority of our industry is shut down, we kept two facilities open for key workers.
During the lockdown in the UK, our biggest challenge was twofold. It was taking a predominantly paper based business and moving it digitally and electronically while doing that securely and quickly, and also getting users who have never worked from home in their life before to understand the unique differences and challenges. Whilst it may appear that they’re sitting at their desk in the office because of the access we gave to them, there are some unique considerations to take into account and some simple things from, ‘I don’t have the scanner right next to me’, to remembering to ensure that their VPN is running, their security is up, that we’re not constantly there nagging them. That was a big challenge for most part, we’ve taken a very legacy industry and brought it to the 21st century very rapidly.
DB: Well, I liked the fact that you think that the car industry is a legacy industry and milking cows is pretty old school as well. We are certainly a very paper based culture and that can pose a lot of challenges. I think we’re probably slightly different from a lot of companies that have been affected with the current situation. Our sales have gone up and we’ve had, and financially we’ve had three or four very strong months. That’s a change in people’s behavior and the way we’re doing sales. While we lost about 3,000 customers, as soon as the lock down hit. The demand for milk went from people buying a latte in Costa Coffee to buying a lot of milk for the house, increasing it in what we call doorstep sales. Sort of traditional milkman sales, and another which are higher margins to do business with a supermarket because it’s in bulk. It’s great! Not as much logistics and customer service with the doorstep piece, plus it’s much higher margins.
We had to obviously move as many people home as possible to shut down the offices while keeping them working at 100%. We had some challenges around paper based solutions and certainly things like scanning, as Norman mentioned, people asking to take scanners home, even though the tracking of what people were taking home was a challenge in the first couple of weeks. We were getting phone calls, like, “Is it okay if I take my desk chair home?”
Then we had a challenge around hardware as being a very traditional business. We had a lot of physical desktops, very few laptops. We were trying to send people home, but we’re unable to source corporate laptops. So we had to do a lot of BYOD type things, getting people up and running on their own systems from home. How can we secure that access? Can we give them access to the company shared drives into VPNs on personal devices and how do we protect that? For me was the biggest security concern to begin with.
MS: It was very much the same, along with the lines of my esteemed colleagues here. It was shifting, roughly 3,000 people from coming into physical offices and moving them to their home locations. Obviously shortages of equipment, laptops and so forth, but going to a complete remote infrastructure. We were really privileged that some of the tools we already had were in place, like Azure and other types of remote connectivity. This really helped and benefited us to get moving. The other issues we still had to maintain staffing levels at our facilities. Having staff and getting them prepared up with PPE or protective equipment and still be able to operate.
The hardest part which we learned through this pandemic is just the user education we need to do. Just basic security education, basic overall computer skills, which we take for granted in our department, we’re the technology department, most of us are familiar with it. Then adopting to workers can’t come down to our office or can’t work with us and can only talk to us over the phone. Trying to explain what cable goes where and how to make these things work. So we came up with some really ingenious ideas, basically took ideas from YouTube and TED Talks and made little videos and then sent those out to employees to help bridge that digital divide. It’s something we’re going to work on going forward. Other than that, the biggest issue was security access to data and how that’s going to move around in this new age of a decentralized work environment.
LB: Did you specifically regarding information security, did your information security toolbox narrow or broaden or change in the past few months? Why did you or didn’t?
MS: For us, we were compromised and we used the word compromised in January, right before COVID. Basically we took a lot of measures, so we were kind of ahead of the curve based on that incident. Obviously, part of that was adding more monitoring tools and a harder look at our infrastructure. We reemphasized focus on how we managed cybersecurity, not just internally, but across the organization…especially passwords. Part of that was implementing a two factor system, which wasn’t popular at the time. With COVID it was a great opportunity to have those types of systems in place. It hasn’t been as hard to get executives to provide investments into cybersecurity based on the compromise that we had in late January. Now with COVID, security’s been on the minds of everybody. Getting tools was not as difficult to implement as it was to getting users to understand them was the greater long term challenge.
NM: We’re very similar. We lucked out in that we had the same issues as both Michael and Daniel have mentioned in terms of shortage of hardware. I think I found one supplier that could supply me with laptops, but it was on a five week lead time; and when I was shutting the business down in three days that was not good. We were actually in the middle of an infrastructure change when COVID hit the UK; a data center change, VPN service change, network change. We were right in the last six weeks of that before the lockdown. Very much as Michael has mentioned, the biggest challenge we have was around users. We did some videos as well, some video voiceovers and our biggest implementation was bringing forward multifactor authentication. We had a user compromised that we luckily caught within five minutes of the compromise. So there was no risk to the business. There was no leakage of data. We caught it very quickly and shut that account down. The hardest bit was getting the users to read the instructions on how to set it up once they’re up and running. We had a partner who worked with us very well and really understood what we were trying to achieve. That was a big bonus that ensured we were secure during the whole change of moving terabytes of data between data centers in the middle of this pandemic.
It was having a really good partner who understood our business and our organization. Then again, having the backing of the executive coordinator to put in the extra layer of security. Again, as Michael said, there wasn’t a long conversation around the implementation. Often it was “Yep. We need this, let’s get it done. And let’s get it done efficiently.”
DB: I think we were quite lucky. We already had the bulk of our services in the cloud. We’d already implemented multifactor for a number of years, but we had multifactor only enabled, we only allowed certain people to access services out with our opposites. And then all of a sudden it’s that bulk enrollments of users into MFAs, the infrastructure was all there, but that pain of actually getting the users to follow the instructions was challenging. You also have the personal information piece around that.
We don’t have company mobile phones out without people saying, “You need to put your mobile phone number in here, but I don’t want you to have my mobile phone numbers.” It’s not for anything other than helping you secure your account. I’m getting that piece, which was quite challenging, but COVID became quite a good stick to beat people with around a lot of IT projects. Things like the migration of documents to SharePoint and user adoption within MS Teams, things like that. These are all technologies we already had, but we weren’t using them anywhere near enough. We used this as an excuse to rapidly do it and that works in our favor, I think.
LB: You all talked about your entire organization working from home and discounts, along with a variety of challenges. It will be interesting for me and for us, to understand if it was the pandemic that caused your organization to use more collaboration tools, such as OneDrive, MS Teams, Zoom and others? And if so, how do you ensure that your enterprise collaboration platforms are actually protected?
DB: I said before, I think we were already using a lot of these technologies and they were already in place, but underutilized and getting the user adoption piece up and running was key for that. We haven’t invested in any new technology and we’re not doing anything that we couldn’t do before. We’re just doing more of it. Having people dialing in from BYOD devices onto legacy shared drives was a security challenge. But if we thought moving these things into OneDrive, they become a bit more secure, especially because that’s being protected by BitDam.
So we’ve got that protection there at the service side, as well as on the client side and that has made me sleep easier at night.
NM: I think we’re in a similar position where we’ve been obviously O365 since we launched in 2016, but I think outside of the IT Department, probably Skype for business was the only there any collaboration tool and that was used by maybe a seventh of the organization. We’d been pushing MS Teams and making the information available saying it’s really useful. There was a little bit, we were just starting to gain traction. Then suddenly we made a business decision where our business is spread between two areas, the Birmingham and Manchester market areas in the UK. Before lockdown, we took a decision to reduce traveling. So one of the first meetings we converted to online, was we’re meeting with our senior management and our general managers who run each facility. We ran it through MS Teams and instead of it being an all day 9 to 6 meeting with traveling too. We had the entire agenda covered by 3pm and people saying, “This is fantastic. Why haven’t we done this before?” So I think from the IT Department point of view, it’s a feather in our cap. As David has said, we have our OneDrive, email, our MS Teams all protected by BitDam.
With what I’ve seen since I started using BitDam last year, I know if there’s something that does creep in it will be picked up like that. And then we can react if and when we need to so it’s been a real opportunity to showcase what IT departments are not just there to be there if and when things are broken. We can bring real value add art in terms of collaboration, but secure collaboration with the business and not having people’s stories and things here, there, and everywhere, which is out of control.
MS: I agree with Norman, it’s basically you got to have the right tools, BitDam’s been our go to tool for all of our Office365 offerings, which is our mainstay for how we do remote work in the city. The other area that we’ve really lacked is the cybersecurity team on our side, getting them educated and trained on how to use the tools and when working remotely where they’re not sitting next to each other, being able to share information and talk about working in a remote environment. It’s almost like what we’re doing at your meeting. It’s a different environment to be able to work through issues and still collaborate with our infrastructure team and with our desktop team. So that’s been a challenge, but overall it’s having solid tools in place, like BitDam that’s really made the difference for us in feeling comfortable with deploying all these remote services.
It’s not a normal thing for us. We’re very used to coming to the building, use our technology in our facilities, other than getting an email on your phone, there was very little getting service access to our internal environment. That just wasn’t the way government worked, but it’s changing. It’s changed in days and weeks rather than years, but having solid tools is really what saves the day.
LB: Thank you guys. We hear a lot about threats that are being sent to organizations today. A lot of organizations that get ransomware or another big data breach because of the pandemic. It would be interesting to hear from you because you have a lot of experience in this field. How do you explain the fact that organizations have so many malware protection solutions in place yet there are still so many successful cyber attacks? It would be interesting if you can share if your organization’s experienced more cyber attacks during the pandemic and if those attacks were sent through a certain channel or through different channels. It would be great to hear from what you experienced during the last few months.
NM: I think our biggest increase of these came through phishing emails. Since March that has gone through the way and certainly for us as an organization I think the cybercriminals have tried to take the opportunity to exploit the fact that we are not working together in the same office. Being that we do a lot of transactions, people buying Mercedes Benz vehicles and they are quite a sizable investment. We’ve certainly seen an uptick in malicious attachments and credential harvesting attacks coming into the business or attempting to come into the business. As you mentioned, there are so many cyber security tools and the way I explain it to the board is it’s a bit like car security. We have to invent new technology for the cars that we sell. Criminals will find a way to exploit that. So we then invent more security and it’s a constant game of cat and mouse.
Every time we close a loophole in cyber security, they inevitably try and find another route in, and because we are in such a connected world now, I go back to the early days of my career when I first put corporate WiFi. Back then I was told it’s not critical if it goes down, fix it when you can. Within two months as soon as it went down, the MD was on the phone, shouting at me wanting it back up and running again. People are so used to it. We’re so used to being able to access things easily. Which is weird, but the side effect is that they’ve given easy access, giving more weight into security. Having a suite of security tools means you’ve got more chance of catching it, then trying another route if you only have your standard spam filtering, email protection. Even with the market leading protections, you need to have a number of those to keep going in line and just try and keep locking them out of your systems.
DB: I think Norman’s absolutely right. I think that the multi tiered approach is critical. In an industry where the Chairman of the company is a farmer it’s challenging to get him to lock his computer and say you can’t just have one password as your password. You must lock your computer and no, you can’t just click on everything.
These are the challenges that we have that goes back to that user piece. As an IT department, we’ve got to protect users as much as possible. Putting in BitDam alongside other tools gives us that multi tiered approach. That’s one of the reasons I liked the way BitDam approached the email security piece is the way it interfaces with Office365 it sits inside the mailboxes. Therefore, we can have perimeter security protection and we can have mailbox security protection. That’s what I really liked about it.
As for an increase in attacks, our reporting says we have a bit more attacks. We’ve not had a huge amount more through to the mailboxes of users, but certainly the stats are showing that more are being attempted.
MS: Definitely attacks are on the rise. I mean our name Las Vegas, every time we’re in the newspaper or something, attacks rise up. There’s been a lot of press today, some of the casinos are laying off a lot of individuals, so the attack vector or attack surface rises because we’re in the news. To Daniel’s comment, having a layered approach, multiple tools and using BitDam as our main tool, most of our attacks come through email, the old fashioned way through phishing.
Again, I go back to user education, user education, user education! Most of them are very plain to see in the world we live in today. For example, I got this email from the mayor. I look at it and the email address is nowhere near what the mayor’s email address is, but they’re so focused on it looks like it’s from the mayor. They don’t look at the email address and immediately start responding to these individuals. To me the key is education as well, the tools have been fabulous. We haven’t had any issues and the layered approach is working. It’s the education of our users, which is most important. Phishing continues to be the most problemsome issue within our organization.
LB: I agree. It seems like from all of our customers we see a lot of phishing. So what you are all saying is reflected in the data we are collecting as well. This is something we see on a daily basis in our system.
On a different topic. It would be interesting to hear how do you balance security with business and productivity needs? It would be great to hear if you have any tips that you can share with us.
DB: The key thing there is that the productivity has got to be there. And if your security is compromised, you have zero productivity, you’ve got to put these measures in place to protect them, protect the productivity. Absolutely.
NM: I think firstly, the biggest, the challenge I’ve got as I’m sure we all have is users will take the shortest way to get to where they want to get to. I think as Michael mentioned, the previous comments it’s user education. So it’s not just that IT is putting these tools to make your life awkward. We’re actually doing it to make your life easier. So as well as understanding how to use them and understanding why we’re doing certain things. Especially, if it’s not something nice and shiny they can instantly see. Most of our security work is hidden in the back end.
One of the things I loved about BitDam was the ease of deployment. I didn’t have to teach my users how to use a new security email system. It sits on my mail system, but it’s explained to them.
We’re not just doing this because it’s a new, shiny new tool that we want to play, we’re doing it for raising to protect the business to ultimately make your life easier.
LB: Let’s move on to our last question for this session. It’s known to us like everyone is talking about remote work becoming the new normal, even after the coronavirus will be gone. It would be great to hear what will be the influence of this period on organizations cyber security, in your opinion.
MS: It is the new normal, I don’t think I’m going back to the way, even for government, who generally slow adopters of anything new and shiny. It’s definitely a trend that’s not going to stop, which is going to complicate our security posture. It’s definitely going to put more reliance on letting go of certain aspects of our operation, not being able to be fully in control.
Azure was a big leap for us to give up our email servers locally and move all that to the cloud. OneDrive was even a bigger leap, MS Teams. That being said, that’s what really makes us very proud customers of BitDam is that it is an evolving platform. As our ecosystem evolves and changes the BitDam system evolves and changes with our organization and kind of interweaves with the technology solutions we are going with. As the world moves towards going more mobile and remote, we have to be flexible to provide the services to all of our customers in any condition and be able to gain access to all the tools and resources, just like if they were in the physical building itself. So it will be very challenging, but with great partners, we know that we will be able to meet that challenge head on.
DB: We’re going to be taking security in a different light. I think security and home working, having more mobile users and people being outside that corporate firewall learning the different ways of securing access is going to be key. I’m currently trialing physical keys for laptops as well, and for cloud access. I’ve always been one to focus on identity. I think all security things should be identity. The more you consolidate that identity piece and protect them as a fortress with MFA, with physical keys, these are the things that we’ll need to be looking at more and more.
NM: I think it’s the new normal it gets for the IT department, it’s a double edged sword. It’s been a real opportunity for us to showcase what we can bring to the organization. As both Michael and David have said, it adds an extra layer of complication. I think my industry proves we can do things more digitally. One of the surprises for me was the number of vehicles we sold completely online in lockdown. From start to finish and we’ve got to protect those customers. One of the reasons why I liked the BitDam platform is that it not only helps protect my users and my organization, I know it’s helping me protect our customers as well, which helps them protect our brand and our brand image. But it is constantly treading the catwalk between ease of use and accessibility, keeping it secure and keeping all the business data secure.
LB: It sounds like there are also some good surprises in this period of time. Thank you guys very much for joining us to discuss for this session today. It was super helpful and then I wish all of us, uh, you know, a better, healthy period of time!
BitDam has just announced the launch of its advanced online URL scanner that detects phishing and malicious links. With phishing attacks constantly increasing in both sophistication and frequency – and with COVID-19 accelerating these attacks – this innovative tool could not come at a better time.
The tool demonstrates BitDam’s advanced phishing detection capabilities and provides the cybersecurity community with the ability to scan suspicious links even when they’re still very new – and when reputation and threat-intelligence solutions still cannot identify them.
The phishing detection tool is built for SOC and threat hunting professionals, security analysts, and MSSPs who want to be at the forefront of phishing detection technologies.
Why Phishing Protection Is So Important Now
Phishing is the No.1 cybersecurity threat facing organizations today. A combination of factors has made this problem more urgent than ever:
Phishing is now more sophisticated
Due to the increase in the severity and consequences of phishing attacks, employees are more aware of the dangers that phishing emails pose. Attackers, therefore, have become more sophisticated, employing machine learning and automation to rapidly create and distribute convincing phishing messages.
Attackers have developed new techniques
With attackers constantly developing new techniques – including using automation to bypass existing security tools – traditional security solutions, including reputation-based products, just can’t keep up.
Attacks are targeted – and missed by traditional solutions
More attackers are ditching the “spray-and-pray” type of phishing attack for more targeted phishing campaigns. These are aimed at individuals within an organization and can be hyper-personalized, ensuring they’re not identified by reputation-based detection solutions including many O365 phishing security and Gmail phishing security solutions.
Phishing attacks are on the increase
Phishing attacks have increased because they’re relatively cheap and simple to set up. With little effort or fear of consequence on the attacker’s side, they can easily access sensitive data like company login credentials. With COVID-19 increasing the number of people working remotely, as well as stress levels, attackers have been taking advantage of this situation.
Liron Barak, CEO of BitDam observes, “We are seeing a real increase in phishing campaigns in the past year. In fact, phishing has become the top cybersecurity threat, more than ransomware or any other malware. That’s because phishing attacks are much simpler to execute, and recently are more difficult to identify.”
The launch of BitDam’s phishing detection scanner could not come at a better time. Barak notes, “In addition to including our unique phishing detection capabilities in BitDam’s Advanced Threat Protection solution, we are now launching this online scanner for use by cybersecurity professionals.”
A Unique Phishing Detection Tool
Most other phishing protection solutions are based on reputation and threat intelligence. This approach is inadequate in the face of automated attacks and previously unseen first-time threats.
BitDam is independent of previous knowledge and data. It uses multiple sophisticated computer vision and AI algorithms to assess: is this a phishing link?
It can, therefore, detect phishing threats at first encounter, unlike reputation and threat intelligence-based products that have to wait to collect enough data before classifying something as phishing.
BitDam offers phishing detection and prevention as part of its comprehensive Advanced Threat Protection solution for business collaboration platforms which includes protection for email, cloud drives, and Instant Messaging – covering threats of any type hidden in files and links.
BitDam Launches Its DIY Guide To Assess Email Vulnerability
Understanding your vulnerabilities when it comes to email security is critical in order to ensure that you’re protected against ransomware, phishing, and other email-borne threats. These threats are getting more sophisticated, and many are able to evade mainstream email security products. Studies show that 20-40% of the emerging threats bypass the leading email security solutions.
Testing your email security may sound like a long and complicated task that involves engagement with pentesting professionals and deployment of attack simulation tools. But it doesn’t have to be this way. BitDam now presents its DIY Guide: How to Assess Your Email Vulnerability for Free in 20 Minutes which allows anyone to test their email security and get an accurate view of what threats their current security tools block and what they miss.
This guide showcases free tools only – each focused on a slightly different goal – and uses a step-by-step approach, guiding you in how to assess your email security posture. You can also watch the video to learn how to implement these free tools.
Why It’s Needed
Some of those responsible for email security might think that with their “mainstream” email security solution in place, they’re protected. Unfortunately, the facts show that this is a dangerously incorrect assumption. Specifically, when it comes to threats encountered for the first time – “Unknown Threats at First Encounter” – these solutions struggle to keep up.
For example, Proofpoint’s “TAP” advanced email protection misses about 23% of new attacks emerging every day, Microsoft Office 365 Advanced Threat Protection (ATP) misses 25% of new attacks including recent phishing campaigns, and G Suite Enterprise misses almost 36% of threats. In fact, 45% of emerging threats bypass at least one of the leading email security products.
So how does your organization’s email security fare when it comes to these threats?
Free Tools To Assess Email Vulnerability
BitDam offers three free tools for evaluating your email security: Lucky Meter, Breach & Attack Simulation (BAS), and BitDam’s Malware Feed.
Lucky Meter is a highly accurate way to assess email vulnerability, using continuous, real-world attacks in real-time to give an accurate, up-to-date, and detailed picture of your risk level.
Breach and Attack Simulation (BAS)
BitDam BAS offers a quick one-time assessment of your email security posture. It makes use of simulated attacks that are based on real-world attacks the BitDam team has observed in the wild.
Mainly used for deeper investigation, the Malware Feed includes live information on real-world malware attacks.
Each of these tools is incredibly easy and quick to get started with and is offered by BitDam completely free.
More About The Guide
The DIY Guide presents each solution in more detail, highlighting each one’s typical use case and main advantages. Each tool has its introductory section explaining what it’s ideal for, its quick steps for getting started for those more proficient with these types of tools, and more in-depth step-by-step instructions including images and screenshots.
By following the Guide, you’ll be able to select any or all of the free services offered, use them to assess any vulnerabilities within your email security posture, and generate detailed, valuable reports that can help you make the right decisions for the security of your organization. And the best part about it – you’ll have to invest only about 20 minutes.
Your Guide to Continued Email Security
Using these free tools provided by BitDam, any organization can simply, quickly and easily check the current state of their email security posture – the first step in upgrading your email security to meet the latest threats.
The research notes that “As cloud office suite adoption becomes nearly universal, security and risk management leaders must explore ways to protect sensitive information from risks and threats”. We fully agree of course, and in our opinion this is made all the more urgent by factors such as an increasingly decentralized workforce and the work-from-home (WFH) consequences of COVID-19.
BitDam: Protection Across Multiple Platforms
In the report’s recommendations, it’s noted that “security and risk management leaders overseeing applications and data security related to cloud office security should: evaluate a threat-protection tool that can work across multiple enterprise collaboration platforms”. At BitDam, this is part of our DNA as we protect against malicious files and links delivered in any collaboration platform including enterprise email, cloud drives, and instant messaging.
Today’s Threats and BitDam’s Answer
Two of the biggest threats facing organizations today are email-borne threats, and threats relating to collaboration platforms such as Google Drive, Microsoft OneDrive, or Instant Messaging platforms.
Many popular email security products can’t detect 20-40% of unknown threats at first encounter (which can lead to successful phishing, ransomware, and data breach attacks). Add to this the fact that there has been a constant increase in the use of collaboration platforms – which has accelerated in 2020 – and the need for the protection that BitDam provides becomes apparent. BitDam effectively protects these platforms against threats, including securing IM, Zoom and Microsoft Teams.
What’s So Cool About BitDam?
Here are what we believe to be some of the factors that make BitDam so special:
Protecting multiple collaboration tools
The list of collaboration tools used to share content and work together is constantly growing. Files, links, attachments, messaging, video, cloud drives – all of these have become critical in the modern workplace. Unfortunately, these tools also provide attackers with multiple points of entry when it comes to cyberthreats.
BitDam therefore secures multiple collaboration tools – including email, cloud drives, instant messaging tools and video communication platforms – thus keeping the modern organization safe across all fronts. It uses the same security approach across all these channels and provides security personnel with a unified view.
Unique attack agnostic detection approach
BitDam’s unique approach means immediate detection of advanced threats, regardless of attack techniques. BitDam learns the normal code-level executions of business applications such as MS-Word and Acrobat Reader. Based on this whitelist, it scans files and links before they reach the end-user, and determines whether they are malicious or not, regardless of the specific malware they may contain.
Detecting both known and unknown emerging attacks, BitDam guarantees the highest detection rates in the industry. It does not require feeds, reputation or intelligence services in order to detect never-seen-before attacks.
We leverage our IP to offer free SOC tools
BitDam offers free SOC tools such as its Breach & Attack Simulation (BAS) for email, BitDam Lucky Meter and its Malware Feed:
BitDam’s free BAS enables users to analyze their email protection and uncover any email security flaws. BitDam’s BAS automatically simulates cyber attacks and tests the user’s cyber defenses, providing insights into email security.
BitDam’s Lucky Meter allows users to check how exposed their mailbox is to unknown cyber threats that are emerging every day in real-time. Lucky Meter measures the Miss Rate at first encounter and Time To Detect (TTD) by the current security solutions in a user’s live environment, and provides a continuous assessment of the effectiveness of current email security.
Our Malware Feed provides access to the most recent cyber attacks from the wild, allowing users to further investigate these attacks.
We believe these are among the factors that led to BitDam being named a Cool Vendor by Gartner. For us, being recognized as a Cool Vendor highlights the critical role BitDam plays in keeping organizations and their users protected, no matter where they (virtually) are.
If you’re interested in learning more about what BitDam does and how we can help your business, schedule a demo with a BitDam expert or get in touch.
Gartner “Cool Vendors in Cloud Office Security,” Brian Reed, Ravisha Chugh, 1 May 2020
The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
In the last couple of weeks, we noticed a significant increase in the number of threats bypassing O365 ATP. We observed the same trend across multiple customers and industries, all in the US. Interestingly, most of these attacks were phishing campaigns, impersonating Microsoft.
Detecting cyberthreats that bypassed O365, along with other advanced email security solutions such as Proofpoint TAP and G Suite Enterprise, is not new to us. As BitDam’s Advanced Threat Detection is located as a last line of defense, it detects all those threats that were missed by the first line email security in place. If you’d like to learn more, you can always check out the most recent cyberattacks in the wild and which security solutions they missed in this live dashboard.
With that said, in the past two weeks, we noticed something different. Between May 13th and May 27th we saw a drastic increase in the number of cyberattacks that were missed specifically by O365 ATP across most of our customers in the US. This includes malicious files and phishing links delivered by email. Here are some interesting statistics:
67% of the malicious emails missed by O365 ATP were phishing emails; the other 33% contained malware.
90% of the phishing emails tried capturing credentials for Microsoft’s products, many of them by using notifications such as ‘a document is waiting for you’, or ‘a voicemail is waiting for you’.
98% of the malicious files were Excel files, with many of them using macros.
89% of the malicious Excel files included ‘invoice’, ‘receipt’ in their filename.
Since we expanded our offering from malware detection only to also providing phishing protection, our researchers have seen constant growth in the number of phishing attacks. In the past few weeks, this trend accelerated, and they observed a significant spike in this type of attack. While it’s a known fact that phishing is the leading threat exploiting COVID-19, we were surprised to see the portion of phishing attacks that bypass O365 ATP, one of the leading email security solutions in the market. In one case, protecting a customer that uses O365 ATP, BitDam detected 29 malicious files in one day (!) targeting mainly the organization’s executives.
To get a real and continuous picture of how protected your email is against TODAY’s threats – which attacks are missed by your current email security and what types of attacks are putting your organization at risk – sign up for BitDam’s next generation Breach & Attack Simulation here. Spoiler: you’re going to be surprised…
Daniel Baird, Graham’s Family Dairy on BitDam Email and OneDrive Security
Daniel Baird, Head of Information Technology, Graham’s Family Dairy
We’ve interviewed Daniel Baird, Graham’s Family Dairy Head of Information Technology about his experience with BitDam’s Advanced Threat Protection (ATP). Graham’s Family Dairy is a household food and beverage name within Scotland; at the forefront of everyone’s breakfast table.
Here is the result in video and text:
Q: Daniel, what was your email security solution prior to using BitDam? Why did you decide to add another solution like BitDam’s?
A: Our security solution prior to using BitDam was Microsoft O365 ATP (Advanced Threat Protection). We were happy with O365 ATP, and still are, but understood that this is just part of the entire solution. While O365 ATP is great as the basic layer of email security, it protected us only from known threats. We were getting huge amounts of threats through Microsoft’s ATP product and these needed to be mitigated against. We’ve added BitDam on top of this as an extra tier of protection to make sure we’re protected against both known and unknown threats. The issue about these unknown threats is that they keep coming and they are not as rare as you’d think.
Q: Why did you decide to try BitDam?
A: I really liked BitDam’s fresh approach to security. While all other vendors are focused on data-driven technologies (that depend on heuristic definitions) and work well protecting threats that were seen in the wild in the past, BitDam uses a very different, model-driven approach, that detects unknown threats from the very first moment they’re out there. Furthermore, they protect OneDrive in addition to O365 email, which means that our end-users are protected on every front.
Q: What have the results been so far? What does BitDam enable?
A: BitDam has successfully identified several threats that have made it through the Microsoft security piece, and has given us advanced warning. Users don’t even notice it which is another advantage.
Q: Can you share some insight about the setup process and trial?
A: It took literally 10 minutes, probably five minutes, and it was very, very seamless. We actually started the trial when I was in the coffee shop at a conference talking to their rep. It was super-easy. Within a few weeks, we were able to realize the ROI of this solution and decided to go for it. Once you see with your own eyes the significant amount of attacks that bypass your current security and being caught by it, you don’t hesitate anymore.
Q: How would you describe, in a sentence or two, what BitDam does?
A: BitDam provides an extra tier of protection to our Office 365 email and our One Drive files. This gives us advanced intelligence against the unknown threats.
Unknown Threats are The Achilles Heel of Email Security
How secure is your organization’s email? Unfortunately, a lot less secure than many people think. For example, did you know that up to 45% of emerging threats bypass at least one of the leading email security products?
In a must-read study entitled “Unknown Threats: The Achilles Heel of Email Security”, BitDam researchers follow up on a previous study to provide even more updated, in-depth and actionable information around the email security threat.
A Quick Primer
It’s no secret that most cyber attacks start with an email bearing a malicious file or link. While organizations rely on email security products to protect their email, malicious files and links regularly bypass the leading email security products – leaving them vulnerable to attacks including Ransomware, Phishing and malware leading to Data Breaches.
Two factors compound this threat:
Many “mainstream” email security products struggle to detect threats they encounter for the first time (“Unknown Threats at First Encounter”)
Attackers are leveraging automation to mutate common threat variants, resulting in a massive increase in Unknown Threats
This creates the perfect storm for attackers and can potentially inundate security products. All this, and more, is in the latest study.
The Study – What’s New
The study now covers five months of empirical data, and includes a strengthened conclusion from the original study thanks to more data from Office 365 ATP and G Suite Enterprise.
In a major step forward, the study now includes data from Proofpoint TAP, one of the market leaders in the U.S. (Spoiler alert: it too has a Miss Rate over the study period of over 20%).
The study showcases updated metrics such as Miss Rate at First Encounter and Time To Detect (TTD) for the leading email security solutions.
What’s distressing is that the email security systems in the study – Microsoft’s Office 365 ATP, G-Suite Enterprise and ProofPoint TAP – have high miss rates of 20% to 40% for Unknown Threats at First Encounter.
45% of threats bypass at least one of these leading products and it takes them between 10 and 53 hours (yes, that’s over 2 days) to start protecting against the threats they first missed.
Who Stopped It Best?
We’ll let you go over the data in-depth in the study, but a quick summary shows how these solutions compare over the period analyzed:
Office 365 ATP: Miss Rate of 25%. Average TTD is 53 hours.
G Suite Enterprise: Miss rate of 35%. Average TTD is 32 hours.
Proofpoint TAP: Miss rate of 23%. Average TTD is 10 hours.
Does Having A Combination of These Protect Me?
Unfortunately, the answer is no.
In an example where a combination of Proofpoint TAP and Microsoft Office 365 ATP is used, the data shows that Office ATP only picks up around a third of what Proofpoint misses. Even if your security stack includes more than one of these solutions – such as this particular common combination – you are still exposed to 15% of threats.
As the study shows in detail, the security products many organizations rely on to protect their email fail to provide protection against unknown threats – much like a vaccine that protects against the previous mutation of a virus, and not the next one.
In case you were wondering, BitDam was able to correctly identify all the unknown threats missed by the email security products covered in the study. This makes BitDam ATP the natural choice for augmenting current email security products and effectively addressing the risk customers face today from their incoming email.
Most people today use some kind of instant messaging channel as part of their workday routine. We use these applications to share files and attachments, and to connect and work with colleagues, customers, vendors and partners across the globe. In this global world, the use of screen-sharing and video conferencing has also become significant. With most businesses operating online, security for these applications is imperative.
This is always true! However, in the past weeks, in light of the COVID-19 pandemic and the WFH phenomenon, we are seeing unprecedented growth in the usage of these platforms by existing users as well as a huge spike in demand from new users. This is going to leave an indelible impact on technology adoption and growth in years to come, according to analysts at Frost & Sullivan.
To put things in context, Microsoft Teams user base grew to 44M from 13M users in July 2019.
Zoom on the other hand, experienced a 67% growth in their daily active user base in the first three months of 2020. The company added 2.22M monthly active users so far in 2020, while in 2019 it added 1.99M in total, according to estimates from Bernstein Research analysts.
A New Challenge Emerging: Cyber Attacks Via Enterprise Communication
The enormous growth in usage of enterprise collaborations tools in general, and Zoom and MS Teams in particular, is a fertile ground for cyber attackers. Hackers take advantage of the fact that people use these different platforms more often. According to the World Economic Forum, cybercriminals exploit the fact that many employees who are working from home have not applied the same security on their networks that would be in place in a corporate environment, or that enterprises haven’t deployed the right technologies or corporate security policies to ensure that all corporate-owned or corporate-managed devices have the exact same security protections, regardless of whether they’re connected to an enterprise network or an open home WiFi network.
Considering this new situation – the fact that most employees are working from home and the rising risk in the usage of Zoom, MS Teams and other collaboration channels – organizations must take proactive actions to ensure that these tools are not used by bad actors to penetrate their networks, which usually leads to phishing, ransomware and data breaches, causing enormous damage.
Why is this important? Files and links sent via these platforms are an easy access point for hackers. Zoom and MS Teams allow you to work with other users outside of your organization. They might have different levels and practices of security, leaving your organization vulnerable to threats from the outside when sharing files and URLs.
Securing your Zoom and MS Teams Accounts
What’s clear is that the use of instant messaging, screen-sharing and video conferencing platforms like Zoom, MS Teams and others will continue. This is where BitDam Advanced Threat Protection (ATP) comes in. You can deploy BitDam ATP for Zoom and Microsoft Teams in a matter of two clicks and with no interference to end users. BitDam will scan all files and URLs sent within your Zoom and Microsoft Teams accounts before they reach the end users, and will block and quarantine the malicious ones. Since BitDam’s technology is attack agnostic, it will protect your business from phishing, ransomware and any other type of malware, even when working from home.
BitDam stepped up to support businesses in these vulnerable times and is now offering a free trial for BitDam ATP for MS Teams as well as for Zoom. You’re welcome to try it!
5 Free Cybersecurity Tools That Will Help Protect Your Organization Through The Coronavirus Chaos
Facebook, Google, Twitter and many other companies both large and small have implemented remote working policies for many – or all – of their employees around the world. Millions are now working from home, and many organizations are scrambling to provide the collaboration tools and infrastructure to support this change.
The good news is that some companies have special offers in place to help companies through this chaotic period. For example, Google is offering its premium version of Hangouts Meet for free, to assist businesses and schools operating remotely. Microsoft meanwhile has made its Teams platform available for free.
Free Cyber Security Tools
When it comes to cyber security, the attackers and threats haven’t stopped because of the coronavirus. If anything, they’ve increased dramatically. Below you can find 5 free cyber security tools to help keep your business protected during this challenging time.
Odo enables the management of least privilege access to internal resources with real-time, intelligent trust decisions based on defined policies and contextual data. During this time, Odo is offering free subscriptions to OdoAccess, its secure remote access solution. This free offer is available to companies for use by employees based in countries impacted by the Coronavirus health crisis, as defined by Odo.
Cyberark specializes in secure privileged access. The company is offering its CyberArk Alero feature – which provides secure remote access to critical systems managed by CyberArk – at no cost through the end of May. The offer is for qualified customers as determined by Cyberark.
PC Matic is offering its PC Pro suite of security tools at no charge until June 30th 2020. The software utilizes PC Matic’s real-time whitelist technology to block unwanted and unsafe programs from executing on workstations. In order to qualify, companies must have ten or more remote workstations; the offer includes all onboarding and support services.
BitDam, which is mainly known for its Advanced Threat Protection solution for O365 email and OneDrive, is now offering its powerful ATP for Teams at no charge for three months. As remote workers use more collaboration tools – such as instant messaging and video conferencing – users are increasingly exposed to further threats as many of these collaboration tools are not fully secure. There are very few security solutions for these collaboration platforms, which is why BitDam resolved to offer BitDam ATP for Teams for free.
Navigate This Chaotic Period Safely
With more employees working remotely, and an environment of increasing cyber security risks, it’s more critical than ever to ensure your entire workforce – remote or otherwise – is protected.
These 5 free cyber security tools are an excellent start to strengthen your security posture.
BitDam’s mission is to secure enterprise communications across all collaboration tools. We protect organizations from advanced threats hidden in files and links regardless of the threat type and delivery method.