PhishingHunters, much more than phishing
20 Mar
A few days ago, on a walk, I saw something I hadn’t seen for years: a cardboard box, three plastic cups, a marble, and a group of people around. Strange as it may seem, there were no touch screens, no Internet, no technology under five years old, just a box, three glasses, and a marble. There is no need to say what it is called or explain the mechanics, much less that it is a swindle. The incredible thing is that, in a hyper-connected world, with all the knowledge in our pocket and information flowing instantly, con artists continue to do business. This shows us that swindlers, whether they use physical or online methods, still have a potential market.
Phishing is the modern version that swindlers use to cheat us. It shows us the three glasses: an email that looks the same as, or very similar to, one from our bank. It shows us the marble: a message that explains the urgency of a transaction, the need for information, or the request for your consent to take action. Finally, it asks us where the marble is, requesting sensitive data while pretending to be our bank. Anyone can fall into the trap; anyone can point to a glass and say that the ball is there, although, in reality, the ball is in the swindler’s hand.
Moreover, the new “swindlers” are not content with just your money; they want your data, the gold of our century. They want to sell your life by taking over your information, or to encrypt your images and documents to blackmail you. The new phishing asks you to download a “security” application on your cell phone. That application is malware, an app that has nothing to do with your bank, e-business, or digital payment platform. This type of phishing has increased significantly in recent months, and several such applications have been detected hosted on Google Play, offered for download to people who received a fake email: phishing malware.
No one is safe. We can all have a bad day, or we can simply have the bad luck of running into a perfect phishing scam; we can all fall. For this reason, it is advisable to use automatic tools that protect us so that we are not deceived. With this background, PhishingHunters solutions were created to help protect us from the many risks that we find in the digital age.
Thanks to its Risk Scoring Engine, we can know, with almost certainty, whether we are facing phishing. The proactive Tracker technology monitors suspicious domains before they are activated. This protects our brand and our reputation on the network, which is fundamental in a world that is discovered through a screen, and it is possible thanks to Brand Protection. Furthermore, all the information is presented clearly and intuitively through the various Intel Modules.
PhishingHunters has fundamental tools in the fight against digital scams, technologies against the “digital swindlers”, solutions that protect us from the different forms of deception that we find in cyberspace.
But PhishingHunters is much more than what we’ve told you so far. We also have features to counter cybersquatting, which consists of registering, trafficking in, or maliciously using an Internet domain name to benefit from the goodwill of a trademark belonging to another person. In our anti-cybersquatting module, we proactively monitor the domains that might be susceptible to cybersquatting. For example, starting from www.phishinghunters.es, we could monitor www.pishinghunters.es (the first h is missing). In this module, we combine machine learning techniques to create “suspicious” names so that we can anticipate the cheaters and monitor these domains before they can be used to conduct fraudulent activities.
To build our anti-cybersquatting system, we decided to use generative LSTMs (long short-term memory networks). LSTMs are a type of recurrent neural network, so to understand them you first have to understand a little about recurrent neural networks. These are simply neural networks with closed cycles, designed to recognize patterns in sequences of data such as text, genomes, handwriting, a person’s speech, or time series that can come from sensors or stock markets. These algorithms take into account the time or sequence (the order) of the data to find the patterns. Recurrent neural networks have a problem called vanishing (or exploding) gradients: depending on the network’s parameters and internal architecture, some variables end up underrepresented (vanishing) or overrepresented (exploding). In other words, some variables are forgotten and others remembered, with little control over which, since the network does not offer this kind of control. LSTMs were created to address this. Their internal architecture consists of cells with input gates, output gates, and forget gates, which gives much greater control when configuring the network parameters to find the patterns in the data.
In the case of anti-cybersquatting, we feed generative LSTMs a large quantity of previously known cybersquatting tactics, and they generate new cybersquatting schemes that are not yet published on the network and have not even been created. Our tracking systems can then monitor them so that possible frauds facing our clients are detected quickly.
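To make the monitoring step concrete, here is an added example (not PhishingHunters code) that flags lookalikes of a protected domain among newly observed domain names. It swaps in a plain edit-distance comparison instead of the generative LSTM described above; the function names, the distance threshold, and the sample list are assumptions made for illustration.

```python
# Added example: flag lookalikes of a protected domain among observed domains.
# Edit distance is a stand-in here; the system described above uses LSTMs.

def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute and
    swap of two adjacent characters each cost 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[i + j if i == 0 or j == 0 else 0 for j in range(cols)] for i in range(rows)]
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def split_domain(name):
    """Return (label, tld). Simplification: the TLD is the last dot-separated
    part and a leading 'www.' is dropped; multi-part suffixes are not handled."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("www."):
        name = name[4:]
    label, _, tld = name.rpartition(".")
    return label, tld


def flag_lookalikes(protected, observed, max_distance=2):
    """Return (domain, distance, reason) for observed domains worth monitoring."""
    p_label, p_tld = split_domain(protected)
    hits = []
    for name in observed:
        label, tld = split_domain(name)
        if not label:
            continue  # no dot in the name, nothing to compare
        dist = osa_distance(p_label, label)
        if dist == 0 and tld == p_tld:
            continue  # the protected domain itself
        if dist == 0:
            hits.append((name, dist, "same name, different TLD"))
        elif dist <= max_distance:
            hits.append((name, dist, "near-identical name"))
    return sorted(hits, key=lambda h: (h[1], h[0]))


# Constructed sample of newly observed domains (not real data).
OBSERVED = ["www.pishinghunters.es", "phishinghunters.example", "phsihinghunters.es",
            "www.phishinghunters.es", "gardening-tips.example", "phishinghuntersx.es"]
```

Calling `flag_lookalikes("www.phishinghunters.es", OBSERVED)` returns the four lookalikes ordered by distance and leaves out both the protected domain and the unrelated name.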
Another of the fields where we apply machine learning is the detection of malware. As mentioned, the connection between phishing and malware is becoming more common every day. The growth of this type of fraud has been significant over a very short time, so the focus has been placed on conducting in-depth research and development to counter the obvious threat to our customers. Thanks to our algorithms, we can detect such malware and prevent it from being downloaded. At PhishingHunters, we continuously search for new malware and study it to increase our knowledge and improve our intelligence. Our system automatically analyzes every new file that we receive from different sources. A static and dynamic study is conducted from which evidence is obtained, and each element is a clue that tells us whether the file is malware or whether it affects our customers. Such evidence can range from something as simple as the file size or file name to the extraction of the functions used or the information encrypted.
Once this evidence is extracted, it is processed by our algorithms, which are designed and trained for the detection of malware. Their operation, as in the case of cybersquatting, is based on neural networks that have learned to distinguish malware patterns after being trained on a large body of evidence. These networks not only tell us if the analyzed file is malware, but they are also able to distinguish which malware it is and to which family it belongs. This information is fundamental to the next steps that we take, as the members of a malware family have the same or very similar parameters.
The processed malware is re-analyzed, but this time, knowing the family to which it belongs, it can be analyzed more accurately. By collecting all the necessary information, it is possible to know if any of our customers can be compromised, if they can suffer fraud through it, if it belongs to one of the bot networks that we monitor, or if, on the contrary, it is new…
Once all the information is collected, it is made available to the user through an intuitive dashboard, clear and organized by each of the PhishingHunters modules.
With our intelligence, the detection and extraction of information from all the modules is carried out automatically, which we consider to be a big advantage. Regardless of the workload of the system, it will process all the evidence and examine all the threats detected, providing a precise and rapid response and verdict, which is highly important when we consider cybersecurity.
We started this article by seeing how both the so-called ‘swindlers’ of years ago and the cybercriminals of today have innovated, an industry that never rests in pursuit of the greatest possible benefits. And it is precisely that lack of rest and that continuous innovation that has given rise to PhishingHunters, which offers unique services to predict, anticipate, detect and mitigate cyber-attacks and incidents by merging the most innovative solutions.