Stopping the #1 Source of Exploitation:  Spear Phishing in Depth

Again, Inky® receives another award, two years in a row.  You’re still wondering who they are and why they are so important?  First, let’s review their name, who their founder is and what problem they are working on solving using artificial intelligence (a.i.), machine learning and ‘big cloud’ data.

So, at first, I was wondering why the company wasn’t called FireSHIELD or SteelBlue or some other also-ran InfoSec name.  So my first question – why the name Inky®?

Figure 1: Dave Baggett, CEO/Founder Inky®

Dave Baggett has a very cool answer…he said to me, ‘think about Octopus going fishing…they hit them with their ink to confuse the senses and then they easily capture the fish.  So as you can see from the cartoon, the Octopus uses it’s big brain to outsmart the fish – and that’s what Inky is doing to phishing attacks…outsmarting them.

Inky makes Phish Fence to capture the worst of the worst and nearly all phishing attacks.  Phish Fence acts like a phishing expert sitting next to each user, analyzing that person’s mail.  Users simply click the black Inky icon and a side panel displays the analysis.  This significantly reduces the chance that an employee will fall for a phishing scam.

About The Founder of Inky®

Dave Baggett is not a first timer at this, he grew his last company to a $700M valued acquisition – sold to Google – which did, wait for it, a.i., machine learning and big cloud data analysis – just for a completely different purpose – so he and his team absolutely have a leg up when it comes to innovating in the field of anti-phishing.  This last company that he founded leveraged Dave’s expertise in machine learning and huge data set analysis in real-time.  Taking that big data set analysis knowledge, artificial intelligence and machine learning into Inky, is a perfect transition.  Dave’s team is looking to go faster than the latest phishing exploit and he knows that machine learning is the way to go.  He’s bright, passionate and doesn’t need to be working at this – he could be on a beach somewhere in early retirement.  However, he is a serious entrepreneur who wants to create something of lasting value – to solve a huge problem that affects all of us.  This is his mission and he’s the real deal.  I’d say he’s a time-based security market leader – this is my favorite model because it works – be faster than the exploitation of the vulnerability and you win.  Humans just can’t do it anymore.  This is also a worthy use of AI, where machines don’t replace us, they augment us and provide real-time expertise when we need it.  Dave and his team at Inky are doing just that with their Phish Fence solution.

According to Cyber Defense Magazine, Global Cybercrime will reach $5 Trillion by 2020.  Most of these breaches happen through email.  It all starts with a spear phishing attack whereby a trusting user, the victim, clicks a link or opens an attachment in an email that appears to come from someone they trust.  Spear phishing is becoming so sophisticated that even the best anti-phishing systems have not been able to detect the latest threats.  Enter Inky and Phish Fence – they discover the most challenging and well-structured spear phishing attacks that other vendors cannot touch.

MOST BREACHES CAUSED BY SPEAR PHISHING ATTACKS:

“The biggest form of cybercrime is spear phishing and remote access trojans (RATs), but most users quickly forget their anti-phishing training – it requires a completely new approach and Inky brings it to the table” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine and Cybersecurity Expert.  Just watch this video to see:

Another example of how Spear Phishing and RATs have affected the US Government: https://www.cnn.com/videos/tv/2015/04/08/exp-cybersecurity-expert-on-white-house-hack.cnn among others…

So, Inky developed Phish Fence as a unique new solution that protects Outlook users against spear phishing and other email-based attacks.  It’s the first anti-phishing solution that works as an add-in right within Outlook. It gives your users detailed information about email-based threats, providing both protection and training.

Figure 2: Screenshot of Inky’s Phish Fence plugin running inside Outlook

Inky Phish Fence can be deployed either as an email plugin for Outlook or Gmail or through an inline gateway model with rules for mail delivery and warnings.  Thus, instead of a side pane plugin, warning users about a spear phishing attack, Inky Phish Fence can redirect emails away from users or add a warning to the body of the suspicious email so users know, from inside the email, that it’s suspicious and risky.

Inky Phish Fence analyzes the full HTML contents of each mail live when the user views the mail in Outlook. Machine learning algorithms spot misleading links, attempts to impersonate major brands, suspicious uses of typo and Unicode domain name variants, and sources of questionable content like gambling, malware/adware and trackers. Inky also flags external emails that claim to be from internal senders.

Everyone’s talking about how hot the future of Cybersecurity will be when vendors start adding ‘artificial intelligence’ and machine learning.  Inky has already done it.  They are light years ahead of competition.

For example, if you haven’t checked it out yet, there’s a standard for email you should be looking at called DomainKeys Identified Mail (DKIM), which allows senders to associate a domain name with an email message, thus vouching for its authenticity.  The mail server signs the email with a digital signature in a field that’s added to the message header.   What’s really cool is that when the signature is generated, the public key used to generate it is stored at the listed domain. After receiving the email, the recipient Mail Transfer Agent (MTA) can verify the DKIM signature by recovering the signer’s public key through the Domain Name Service (DNS). It then uses that key to decrypt the hash value in the email’s header and simultaneously recalculate the hash value for the mail message it received. If both match, then the email has not been altered. This gives users some security knowing that the email did originate from the listed domain and that it has not been modified.  Signatures are set to expire to avoid the attack vector of reusing a signed email, so signatures are set to expire.

Figure 3: Screenshot of Inky’s Phish Fence Warning Message

Unfortunately, the current widely implemented standard, DomainKeys Identifed Mail (DKIM), can only verify the server, not the individual, from which an email arrived. DKIM specifies one key per server. That’s fine if the server is, say, bankofamerica.com, but what if a spoofer sent from bankofarnerica.com? The combination of “r+n” looks closely like an “m”, especially in some san serif fonts such as Arial.  Inky Phish Fence is smart enough to catch this among many other newer forms of intelligent phishing attacks.

Those ‘last generation’ anti-phishing solutions protect  against malware attachments and spam, which is important. They sometimes claim to deal with phishing, but they only recognize phishing attacks via URLs that people have previously reported. Cisco Umbrella, for example, relies on the PhishTank database of reported phishing URLs.  Unfortunately, this approach doesn’t work on the large and growing array of phishing attacks that have never been reported, have URLs uniquely targeting recipients, or lack URLs entirely (such as spear phishing wire fraud emails).

I’ve been a strong proponent of user training and awareness and have recommended PhishMe on numerous occasions. However, we find that after training, many users are easily co-opted, yet again.  What I like even more is how Inky Phish Fence is not simulation – it’s real-time security.  It gives end-users and IT staff specific feedback on real email they’ve received.  Lately, the most recent phishing attacks look no different to the human eye than legitimate messages.  So, it’s time someone solved this problem.

This next wave of phishing attacks includes forgeries that are visually indistinguishable from the brands they are attempting to impersonate. Attackers are using domain names, URLs, and logo imagery that humans cannot differentiate from the real thing. An example is the recent attack using the domain bankofarnerica.com (note the letter M has been replaced by the visually similar RN sequence). This kind of differences so subtle that even trained cyber security experts have a hard time spotting it.  The bottom line is: no amount of training can make users see something that isn’t there.

Uniquely, Inky Phish Fence anti-phishing engine performs content checks to identify these attacks. Phish Fence incorporates over two dozen content checks based on heuristics and AI, and represents the next generation phishing protection, built to address this new wave of attacks.  Inky Phish Fence uses machine learning models to look at each email – the text and imagery – as a human would, to identify brand impersonation. No other solution does this, and without this protection you remain exposed to email-based phishing attacks.  Finally, Inky Phish Fence both protects and educates users. Gateway solutions simply quarantine mail that fails their checks, leaving users confused about what happened.  Inky Phish Fence gives users feedback they can understand about exactly what seems suspicious.

We’re pleased to announce that Inky makes our Editor’s Choice for Deep Sea Phishing as an InfoSec Innovators for 2018 because they have uniquely solved a huge problem way beyond the normal capabilities of any anti-phishing solution we’ve seen.  Like most really cool startups, Inky® chose to spend a lot of time in stealth mode building out the technology.  They setup shop at Rockville Maryland’s Innovation Hub at 155 Gibbs Street, Rockville, MD 20850.  You can reach Dave and his team Toll Free at 1-833-727-INKY (4659) or via email at sales@inky.com and at https://inky.com.

About the Author

Gary Miliefsky is a Keynote Speaker, Author, Inventor, Investor and the Publisher of Cyber Defense Magazine and is a globally recognized cybersecurity expert and founder of numerous cybersecurity companies.  He offers his own next gen a.i. based antivirus software for windows but it’s just for his family and friends at http://www.trymyantivirus.com so Gary can spend more quality time with them instead of always cleaning up their Windows mess.  Learn more about him at https://www.cybersecuritymediagroup.com/about-our-founder/ He is also proud to be expanding the Cyber Defense Media Group with the upcoming launch of CyberDefense.TV.