Our mission is making INBOX.CLEAN™ a reality: stop phishing attacks — the root cause of 95% of breaches — before they reach users. Get the only solution that preemptively stops Business Email Compromise, malware, ransomware and other advanced threats by discovering and eliminating them before they cause damage.
A cybersecurity analyst or engineer wakes up every morning, flips on their laptop, and defends others from attacks, responding at the speed of lightning to beat cyber villains, and with unmatched adaptability and agility stops cyber villains from getting into your inboxes and organizations – all while calling it just a normal day at the office.
Area 1’s cloud-native SaaS solution supports three key use cases: preemptive anti-phishing across all threat vectors (email, web, social, network); cloud email security / SEG replacement; and phishing security automation for SOC teams.
Area 1 is a Microsoft Certified Partner and a Google Cloud Security Technology Partner of the Year. We also integrate with a number of SIEM, SOAR, SEG and firewall technology providers to fit your unique infrastructure. Learn More
FIND A CHANNEL PARTNER
Work with trusted cybersecurity experts across the globe to secure your business. Learn about our partnerships with Legato Security, Optiv, SADA Systems, SYNNEX and others. Channel Partners Become A Channel Partner
AMERICA! WE HAVE A 2021 MARCH HACKNESS CHAMPION! (Granted, it’s a phishy title that no organization really wants to win).
A Cinderella story. The underdog. The New Kid on the Block is … the World Health Organization!
Although the WHO won’t want you to get fooled (with phishing) again, they are the undisputed March Hackness Champion of 2021!
Truly, what a difference a year makes. The COVID-19 pandemic changed the world, including the world of Phishing and cyberattack lures. Our researchers identified over 2 million Phishing spoofs (out of more than 22 million) that specifically exploited the WHO brand between May 2020 to February 2021.
For example, in this phishing message from last year, the attacker lures victims by posing as the WHO, claiming to offer safety measures on how to stop the spread of the virus. We see Display Name Spoofing, where the true sender is actually this alansariornan[.]com domain.
In an attempt to add legitimacy to the phishing example above:
The attacker added the logo for the WHO in the body of their message. This is a common tactic, which Area 1 uses to help detect malicious messages (more specifically, our advanced computer vision algorithms and statistical models essentially train computers to interpret and understand digital images).
The attacker also used a fairly sophisticated technique to avoid detection by abusing the legitimate service, Appspot.com, to host their phishing site. Appspot is a cloud computing platform for developing and hosting web apps in Google-managed data centers, so naturally, those domains are commonly whitelisted — and the corresponding links are not typically evaluated.
Campaigns like this use well-designed login pages in an attempt to capture login credentials, which are then sent to a remote server controlled by the attacker.
Aside from the likes of the WHO (#1), Moderna (#25) and CDC (#48), these companies (whether they like it or not!) also made our annual phishing bracket for the first time this year:
#7 — Marketo
#20 — Columbia Sportswear
#24 — UPS
#38 — CNN
#50 — Zoom
#51 — Adidas
#53 — Nike
#63 — Zillow
Much like in the real tournament, there were several upsets in the Phishing brackets as well. Former 2017 and 2019 March Hackness bracket champion, PayPal, didn’t even crack the Sweet 16 round this time.
With the world on edge in 2020, hackers took every advantage they could to find a way into organizations. Their weapon of choice is trust. Who wouldn’t want information from the WHO about a virus that is affecting every aspect of their lives? Hackers know this, so they use it.
And as I shared in our prior Not-so-Sweet 16 post, email authentication and sender reputation standards (such as SPF, DKIM and DMARC) aren’t enough to prevent phishing attacks from reaching inboxes.
Email authentication and sender reputation were designed to help brands deliver their email messages properly — not to help defend your organization from the most sophisticated phish.
In fact, our co-founder/CSO, Blake Darché, and our principal security researcher, Javier Castro, demonstrated through the creation of a real-time, DMARC-passing attack, just how fast and easy it is for attackers to get phishing emails into your inbox:
Remember, even when you deploy DMARC for your domain:
It’s easy it is to establish a new phishing domain that exploits trusted infrastructure
It’s fast to set up DMARC, SPF and DKIM policies for new phishing domains in order to reach inboxes
You need to detect phish beyond email authentication via comprehensive message analysis, computer vision, domain registration checks, and other techniques beyond email authentication.
Takeaways from the 2021 March Hackness Tournament
Here are some other key insights on the past year’s contenders:
The Top 4 “seeds” were seen in over 6 million phishing attacks.
The Top 10 accounted for over 56% of ALL spoof- and impersonation-based phishing attacks.
Our 64-brand bracket included 15 different industries. The most well-represented were Technology and Financial Services/Banking.
Attackers will use what is in the headlines to make attacks land. COVID-19 and a Presidential Election heavily influenced the attack patterns of phishing attacks in the U.S. last year.
Well America, I had a great time with you for the 2021 March Hackness tournament. Will our Cinderella return to the ball next year? You’ll have to join us again to find out!
Until next time… (Dick Vitale one last time)
GOODNIGHT BABY! WE’LL BE DANCING AGAIN NEXT YEAR!
Want to keep up to date with the latest phishing trends?
Kevin Wilson is a Sr. Product Manager at Area 1 Security. Throughout his 14 years in Cyber Security, Kevin has been an Analyst and Engineer in various organizations such as the U.S Navy, First Data, and Lowe’s. Previously he served as the Global Information Security Officer at Guess? Inc as well as a Product Manager for McAfee.
Business Email Compromise (BEC), also sometimes referred to as email account compromise (EAC) or vendor email compromise (VEC), is a type of phishing attack that takes advantage of an existing relationship between a victim and organization.
https://www.area1security.com/wp-content/uploads/2022/04/BlogEmailBanner_BECAttackType_2022APR14.png13072500Elaine Dzubahttps://www.area1security.com/wp-content/uploads/2022/04/Cloudflare-A1S-Logo-1-1.pngElaine Dzuba2022-04-18 10:07:242022-07-08 14:19:35Understanding the Four Business Email Compromise Attack Types
Dear America’s sports-loving, company-securing fans: Before you find yourself glued this weekend to (what some call) THE biggest game in college basketball history, we are here to crown the 2022 March Hackness winner!
https://www.area1security.com/wp-content/uploads/2022/03/Champion-Banner_2.png10002500Elaine Dzubahttps://www.area1security.com/wp-content/uploads/2022/04/Cloudflare-A1S-Logo-1-1.pngElaine Dzuba2022-03-31 06:00:292022-04-28 08:49:23Area 1 Security Announces the Most Spoofed Brand of 2021
Area 1 Security’s Sixth Annual March Hackness: The Perfect Phishing Bracket is here! Learn who made the list of the top brands that attackers use in phishing lures.
https://www.area1security.com/wp-content/uploads/2022/03/SocialBanner_Blog_MarchHackness2021_2500x1000-Copy-2.jpg10002500Elaine Dzubahttps://www.area1security.com/wp-content/uploads/2022/04/Cloudflare-A1S-Logo-1-1.pngElaine Dzuba2022-03-26 20:45:192022-04-28 08:51:272022 March Hackness: The Return of the Phishing Bracket