Examples of Silver Bullet Technology Fails

Uncategorized | Posted on August 14, 2018 by schap

Most security teams today are pretty much in the same boat: limited budget, limited manpower, and limited time to defend their network against escalating threats and attacks. Perhaps that’s why so many information security vendors claim to have the “silver bullet” to protect the customer’s environment and solve their problems. Regardless of what a solution promises, it’s undeniable that threats continue to bypass those “silver bullet” solutions. And we have a couple of good examples to show just that.

The good news is that, in these cases, the companies being targeted had a backup plan to utilize an existing commodity — its employees. Conditioned employees are able to scrutinize and recognize things that haven’t been seen before, while a piece of technology cannot. Technology requires a signature that has already been written, and that is deployed in the right place, to catch a threat.

An intuitive human sensor who is properly conditioned can see when things are not right, report those suspicious emails, and give a trained analyst the opportunity to identify and mitigate an active threat. A proper write-up from the analyst can then be looped into logs, proxy and full packet captures to find other users that potentially did not identify the threat.

Let’s take a look at examples of threats that were identified by humans and not the email gateway technology:

Email Wasn’t Stopped by Proofpoint

Looking at this email we see that the attackers are acting as if they are from Microsoft, perhaps posing as support for the Office365 account. Using a common tactic of playing on the user’s sense of urgency, the phish is crafted to convince the user they must act quickly to save his or her account. And, conveniently, the attackers have included a link for the user to do just that.

Digging deeper into the HTML of the attacking email we see that the “Verify Now” link does not go to Microsoft or an attributed site, but to a malicious site that mimics Office365.

Looking in the header we see that it did come through the Proofpoint device and, while it scored, it was not stopped from being delivered to the inbox of an employee.

Luckily, this company had trained its employees to recognize phishing attempts, provided them with an easy way to report and alert IT Security and an easier way to assess, analyze, and respond to active threats.

Email Wasn’t Stopped by Ironport

The email below is the standard DocuSign phish that has been around for the past few years – so it’s a pretty well-known threat.

As indicated in the headers, this email was scanned by the Ironport engine and permitted to be delivered to the employee. Luckily, the employee was smart enough to recognize something the expensive technology did not.

We can clearly see the URL referenced in the HTML of the email. The link points to a website that is clearly not DocuSign and that uses a .php extension.
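The manual check described for both the “Verify Now” link and the DocuSign URL can be scripted for triage. The following is an added sketch, not code from the original article or from any vendor product: it compares each link's host with the brand named in the From/Subject headers and notes a .php landing page. The allowlist, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist (not from the article): brand keyword -> domains it really links to.
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "office.com", "microsoftonline.com"},
                 "docusign": {"docusign.com", "docusign.net"}}
# Constructed sample message; the hosts are reserved example domains.
SAMPLE = """From: "Microsoft Office365 Support" <support@mail.example.net>
Subject: Action required: verify your account
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account will be suspended.</p>
<a href="http://login.example.org/o365/verify.php">Verify Now</a>
<a href="https://support.microsoft.com/help">Help</a></body></html>"""

class _Anchors(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def brand_link_mismatches(raw_email):
    """Flag links whose host is outside the domains of the brand named in From/Subject."""
    msg = message_from_string(raw_email, policy=policy.default)
    claimed = (str(msg["From"]) + " " + str(msg["Subject"])).lower()
    body = msg.get_body(preferencelist=("html",))
    parser = _Anchors()
    parser.feed(body.get_content() if body else "")
    findings = []
    for href, text in parser.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        for brand, domains in BRAND_DOMAINS.items():
            inside = any(host == d or host.endswith("." + d) for d in domains)
            if brand in claimed and host and not inside:
                reasons = ["host outside %s domains" % brand]
                if url.path.lower().endswith(".php"):
                    reasons.append(".php landing page")
                findings.append((brand, text, host, reasons))
    return findings
```

Matching on `host == d` or a `"." + d` suffix, rather than a substring, keeps a lookalike such as `microsoft.com.example.org` from passing as a Microsoft host.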

The employee then reported the threat to the IT Security team using Cofense Triage™.

The URL is clearly referenced in our platform:

We can see the multiple references from VirusTotal listing the site as clean. That’s because the threat was identified immediately and the site was taken down within a day of discovery.  This gives security vendors little incentive to update their signatures to detect threats that are only online for 24 hours or less.

Your network is your castle and a few walls won’t keep it safe. You need a moat, a watch tower, and a battalion to respond to attacks.

Technology fails. Regardless of the silver bullet technology installed, attackers seem to find ways around it. Attackers are clever humans. And so are your employees. Activating your entire organization as a collective defense will ensure you have that last line of defense in place.

To learn more about the benefits of phishing awareness training, view the 2017 Cofense Phishing Resiliency and Defense Report.

This article was originally published here.
