Check Point Software Technologies' Zero-Phishing AI engine has been upgraded and improved to detect and block access to possible attempts to spoof the brands of both local and global companies, in many languages and countries.
· New domains are inspected immediately after registration, so potential spoofing attempts are blocked before they are even used in an attack.
· New Brand Spoofing Prevention engines use Machine Learning, Natural Language Processing and Image Processing to detect attempts to spoof companies both locally and internationally.
Brand Spoofing
In their 2023 cybersecurity report, Check Point's research teams reported that in 2022, 21% of initial intrusions were due to phishing incidents. Well-known brands such as Microsoft, Google, LinkedIn, Wells Fargo and Walmart are often impersonated by cybercriminals who try to steal people's personal information or payment credentials.
For example, LinkedIn users faced the risk of account theft through fraudulent emails disguised as reports, while Wells Fargo customers received emails requesting account information under false pretenses. Walmart customers were lured with false promises of gift cards in exchange for personal information.
Similarly, customers of local banks, online stores and travel agencies are also often targeted by phishing incidents involving rewards points, important account-related messages and fake transaction alerts.
How does the attack work?
In a phishing attack, criminals try to impersonate the official website of a well-known brand using a similar domain name or URL and a web page design that resembles the genuine website.
The link to the fake website is then sent to targeted individuals via email or text message. Users may be redirected while browsing the web or via a fraudulent mobile app. The fake site often contains a form designed to steal users' credentials, payment information, or other personal information.
Attackers choose the brands of reputable companies to impersonate because they know that these companies have a reputation for being trustworthy. Cyber criminals also know that it is difficult even for large companies to stop such brand impersonations on their own.
Understanding Local Brand Spoofing
While global brands are a common target for spoofing, a significant and growing number of attacks use local brands to create the most compelling social engineering mechanism.
In a local brand spoofing attack, the attacker will target people locally with a local brand that the target will be familiar with.
The use of local brands in attacks is highly effective for attackers as it is highly persuasive and often successfully fools top executives and even security professionals. Local brands used are often banks, financial services, post offices and government websites.
Therefore, it is important to understand that protecting against attacks using Brand Spoofing must take into account the huge challenge of covering not just global brands, but local brands – on a global scale.
An example of a local brand attack:
Recently, the new engine blocked a zero-day phishing attack that attempted to impersonate an Indian multinational bank and financial services company based in Mumbai, India.
This attack was blocked in Harmony Browse for a customer (an Indian bank based in New Delhi) that was targeted in the above phishing attempt.
This attack was detected and blocked by Check Point.
Since its inception, the patented integrated technology “Zero Phishing” by Check Point has prevented dozens of zero-day phishing campaigns.
Brand Spoofing Prevention – Proactively detect and block local and global brand spoofing using AI
To enhance online security and protection, Check Point has introduced an industry-first built-in security technology called 'Zero Phishing' in the Titan version, T81.20, leveraging patented technology based on proprietary AI engines. This zero-phishing security is also available across all Check Point product lines – Quantum, Harmony and CloudGuard.
Check Point is now expanding its Zero-Phishing offering by introducing an innovative new AI engine to prevent local and global brand impersonation used in phishing attacks across any attack vector – from networks, email, files, mobile, SMS and endpoints to SaaS – with a 40% higher catch rate than traditional technologies.
The newly developed engine blocks links and browsing related to both local and global brands that have been impersonated and leveraged as bait to trick victims into phishing attacks spanning multiple languages and countries.
Capabilities to block impersonation of global brands like Microsoft and LinkedIn have been around for some time, but this newly developed engine will have the ability to block fake sites impersonating even local and regional brands. For example, it can detect and block an attack on the Spanish post office or a spoofed website masquerading as a local bank in the Netherlands.
An additional feature of the new engine is what we call Pre-Emptive Prevention, where it scans domains immediately after registration to detect spoofed domains.
Spoofed domains are then stored in Check Point's ThreatCloudAI, enabling proactive customer protection across all Check Point products, with collaborative intelligence across all surfaces, blocking access to links in emails, files, messages, etc., or while browsing the web.
The new engine uses advanced AI algorithms, Natural Language Processing (NLP) and image processing, to detect similarities with known brands. These algorithms compare the structure of inspected content to a database of known brands to determine if there is any indication of brand spoofing.
How does it work?
• Uses URL characters or web page content as input
• Extracts attributes and compares them with several anchors of the original web page, such as domain, favicon, copyright, title, text similarity and more, to identify impersonation
• Uses machine learning and heuristics to classify phishing attack
• Proactive prevention – newly registered domains are immediately inspected for brand spoofing attempts, detected and blocked before the attackers' campaign even begins
There are 3 main phases in classification.
In the first step, features are extracted from the URL or page content to be used later for analysis.
In the second step, using the extracted features together with NLP, artificial intelligence and heuristic mechanisms, the brand context is derived.
In the final step, the brand context along with its anchors and all extracted features are again run through a classification layer using AI for a final classification of whether the content is genuine or fake.
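The three phases above can be illustrated with a small heuristic sketch. This is an added example, not Check Point's engine: plain string rules stand in for the ML and NLP layers, and the brand name, domains and sample page are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Constructed brand database: name, domain and keywords are placeholders.
BRANDS = {
    "Example Bank": {"domains": {"examplebank.example"}, "keywords": {"example bank"}},
}

# Constructed sample page that borrows the brand's title, favicon and copyright line.
SAMPLE_HTML = (
    '<html><head><title>Example Bank - Sign in</title>'
    '<link rel="icon" href="https://examplebank.example/favicon.ico"></head>'
    '<body><form></form><p>&copy; 2023 Example Bank Ltd.</p></body></html>'
)

def extract_features(url: str, html: str) -> dict:
    """Phase 1: pull the comparison anchors out of the URL and page content."""
    title = re.search(r"<title[^>]*>(.*?)</title>", html, re.I | re.S)
    notice = re.search(r"(?:©|&copy;|copyright)\s*([^<]{0,80})", html, re.I)
    icon = re.search(r"<link[^>]+rel=[\"'][^\"']*icon[^\"']*[\"'][^>]*href=[\"']([^\"']+)",
                     html, re.I)
    return {
        "host": (urlparse(url).hostname or "").lower(),
        "title": title.group(1).strip().lower() if title else "",
        "copyright": notice.group(1).strip().lower() if notice else "",
        "favicon_host": (urlparse(icon.group(1)).hostname or "").lower() if icon else "",
    }

def derive_brand(features: dict):
    """Phase 2: decide which known brand, if any, the page presents itself as."""
    text = f"{features['title']} {features['copyright']}"
    for name, brand in BRANDS.items():
        if any(k in text for k in brand["keywords"]) or features["favicon_host"] in brand["domains"]:
            return name
    return None

def classify(url: str, html: str) -> dict:
    """Phase 3: compare the claimed brand's anchors with where the page is served from."""
    features = extract_features(url, html)
    brand = derive_brand(features)
    if brand is None:
        return {"brand": None, "verdict": "no-brand-claim"}
    host = features["host"]
    genuine = any(host == d or host.endswith("." + d) for d in BRANDS[brand]["domains"])
    return {"brand": brand, "verdict": "genuine" if genuine else "suspected-spoof"}
```

The same page content yields different verdicts depending only on the serving host, which is why the domain is treated as the anchor that the other features are checked against.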
Keep Your Users Safe – How to Identify Phishing URLs
URL phishing attacks use tricks to convince the target that they are legitimate. Some of the ways to detect a URL phishing attack are:
• Ignore display names: Phishing emails can be configured to display anything in the display name. Instead of looking at the display name, check the sender's email address to verify that it's from a trusted source.
• Domain verification: Phishers usually use domains with minor spelling errors that look reasonable. For example, company.com can be replaced with cormpany.com, or an email can be from company-service.com. Look for these misspellings, as they are good indicators.
• Check the links: URL phishing attacks are designed to trick recipients into clicking on a malicious link. Hover over links within an email and see if they really go where they claim. Enter suspected links into a phishing verification tool, such as phishtank.com, which will let you know if they are known phishing links. If possible, don't click on a link at all. Visit the company website directly and go to the indicated page.
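The display-name and domain checks above can be automated in a mail filter or triage script. The following is an added example, not part of the original article; the trusted-domain list, the edit-distance threshold of 2 and the function names are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumption for this example: the organisation's genuine domains.
TRUSTED_DOMAINS = {"company.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_domain(domain: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a sender or link domain."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return "trusted"
    labels = domain.split(".")
    # Simplification: treats the label before the TLD as the registered name,
    # which is wrong for multi-part suffixes such as co.uk.
    registered = labels[-2] if len(labels) >= 2 else labels[0]
    tokens = re.split(r"[.-]", domain)
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        # Misspelling (cormpany.com) or brand name embedded in a foreign
        # domain (company-service.com, company.com.evil.net).
        if edit_distance(registered, brand) <= 2 or brand in tokens:
            return "lookalike"
    return "unknown"

def check_sender(from_header: str) -> dict:
    """Ignore the display name as proof of identity; judge the address domain."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    verdict = check_domain(domain)
    claims_brand = any(t.split(".")[0] in display.lower() for t in TRUSTED_DOMAINS)
    return {"domain": domain, "verdict": verdict,
            "display_name_mismatch": claims_brand and verdict != "trusted"}
```

A fixed edit-distance threshold produces false positives for short brand names, so in practice the threshold should scale with the length of the name.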
Check Point's Zero-Phishing engine, running as part of ThreatCloud AI, is revolutionizing threat prevention, providing industry-leading security as part of Check Point's Quantum, Harmony and CloudGuard product lines.
