The number one cause of a cybersecurity breach is phishing, and this year the average cost of a corporate breach was $2.8 million, making phishing big business.
Yet, many organizations do not see phishing as their biggest concern and do not use the latest technology to defend themselves against 2.0 phishing attacks.
In July, SlashNext Threat Labs reported a 30% increase over 2019 as phishing threats grow to over 25,000 a day. However, as the year comes to a close, that number grew to 35,000/day by early December and now is well above 50,000/day.
Phishing attacks are growing because they are no longer just an email problem. The problem has expanded to SMS/iMessage, social networks, collaboration platforms, videoconferencing, and gaming services. Cybercriminals use fake login scams, scareware tactics, fraudulent ads, and rogue software downloads as attack payloads.
Mobile users are particularly vulnerable because of small screens, users’ mistakes, and invisible URL strings hiding the address. With iPhone, users are 18x more likely to get phished than to download malware. The stakes are high for mobile and endpoint security vendors to make sure they detect and block these zero-hour attacks. Still, these fast-moving threats are taking days to appear in threat detection engines, leaving the cybercriminals an eternity to wreak havoc on remote workers.
SlashNext uses virtual browsers and machine learning to identify over 40,000 unique phishing URLs a day with patented technology that identifies zero-hour phishing threats, hours and sometimes days ahead of the leading threat detection engines. SlashNext tested several malicious URLs to see if VirusTotal or other threat feeds discovered and blocked those attacks, as demonstrated in this blog post. Of the URLs that we found, VirusTotal and many other engines still reported them clean four days later, despite the fact they were still active. Learn how SlashNext stays ahead of the competition in this video.
Protecting remote workers from today’s sophisticated attacks requires a phishing protection toolbox that takes a Zero-Trust approach covering several attack vectors and goes beyond URL inspection and domain reputation.