Alert: New Phishing Evasion Technique
Aiming to decrease the chances of being detected and gaining
Malicious files and links regularly bypass all the leading email security products, leaving enterprises vulnerable to email-based attacks including Ransomware, Phishing and data breaches (and more specifically, Emotet, Dridex, Maze, Lokibot, Wannacry and more).
We see this first-hand working with customers. Installed as a last line of defense, BitDam ATP for email detects malicious attachments that slip through various SEGs. When customers use BitDam Lucky Meter to check how protected their email is against fresh malware, their email security products score poorly, failing to block most of the samples included in our BAS test.
We also know that increased use of automation allows attackers to create many ‘mutations’ for each malware or malicious file, potentially inundating email security products with new unknown threats.
Could this explain the shortcoming of email security products? To answer this question we conducted an empirical study to measure their ability to detect Unknown Threats at First Encounter.
The study entails retrieving very fresh samples of malicious files from various feeds and sources, qualifying them as Unknown Threats, and then sending them to mailboxes protected by Office365 ATP, G-Suite Enterprise or Proofpoint TAP. We measure miss rate at first encounter and Time To Detect (TTD) for these Unknown Threats.
Our findings show a miss rate of 20-40% and a Time To Detect of 10-53 hours (!). This Detection Gap keeps enterprises continually unprotected against unknown threats.
BitDam’s Advanced Threat Protection (ATP) solution is threat-agnostic, has a very low miss rate of unknown threats, thus significantly reducing the risk of successful email-based attacks.
Install BitDam’s feed app “Lucky Meter” to get in-the-wild samples to your account and see how exposed you are.
Aiming to decrease the chances of being detected and gaining
