SECURITY NEWS
Cloudflare AREA 1 - fighting the war against phishing
Phishing attacks can take several forms . Bashar Bashaireh , Managing Director , Middle East and Turkey , Cloudflare , explores the different types of phishing and how Cloudflare Area 1 can be used to counter them .
phishing attack is a targeted , fraudulent
A communication that appears to come from a reputable source . Email phishing occurs when attackers trick legitimate users with proper access credentials into taking action that open the door for unauthorised users , allowing them to transfer information and data out ( data exfiltration ). The most sophisticated email attacks compromise trusted vendor and partner accounts to steal money and data . Security teams are overwhelmed with high volumes of userreported email threats , time-consuming policy setup and upkeep and manual incident response .
There are five types of different phishing techniques : 1 . Impersonation phishing : The attacker poses as a known and / or trusted contact .
2 . Credential harvester : The attack focuses on gathering compromised user credentials ( emails and passwords ).
3 . Malware attachment : The victim is prompted to open an attachment that contains malware .
4 . Voicemail phish ( vishing ): A supposed voicemail sound file actually redirects the victim to a web site .
5 . Order confirmation phish : In this attack , the victim clicks a link to a spoofed login page .
Zero Trust strategy needs to include email
Email is the most used form of communications today . As per research from Gartner , 70 % of organisations use cloud email solutions today . These are primarily Microsoft 365 and Google Workspace . The firm also estimates that 45 % of organisations will have experienced attacks on their software supply chains by 2025 . Phishing attacks exploit our implicit trust in email communications . A study by
Deloitte shows that 91 % of all cyberbreaches originate from phishing emails , which target the weakest link in an organisation ’ s security posture : people . This includes Business Email Compromise ( BEC ) or Vendor Email Compromise , ransomware , credential harvesting and malicious attachments . Socially engineered phishing attacks are often delivered under the guise of being a trusted brand or business partner .
Weaknesses in current security approaches
When it comes to email security , organisations have legacy Security Email Gateways ( SEGs ). Security is primarily SPAM focused , not cloud-native , has a high miss rate ( around 30 %), remains reactive and is missing new phishing campaigns . API solutions and email authentication technologies have their limitations and although end-user education is important to create awareness , it cannot alone stop breaches .
Cloudflare Area 1 – Pre-emptively stopping phishing attacks
Cloudflare Area 1 is a cloud-native email security solution whose mission is to deliver a clean inbox to organisations . The platform pre-emptively stops targeted phishing and BEC attacks . Cloudflare Area 1 was integrated into Cloudflare One ( Zero Trust solution ) further to Area 1 ’ s acquisition by Cloudflare in April 2022 .
Cloudflare Area 1 uses technology that crawls the entire Internet every week ( this means looking at around 8 billion items ) for attacker infrastructure and delivery mechanisms , resulting in identification and prevention of phishing attacks during the earliest stages of an attack cycle . This ensures that the system is completely up to date . The platform can be deployed inline , over APIs , or in multimode deployment . The solution provides customers with a 99.997 % detection efficacy rate and offers leading scalable and uptime functions .
What makes Cloudflare Area 1 Special ?
Cloudflare Area 1 provides cloud-native email security that fits into any stack . It is : 1 . Pre-emptive : with a massive-scale phishing indexing to stop attacks before they reach inboxes .
2 . Continuous : It has multiple protection layers before , during and after emails reach inboxes .
3 . Flexible : Deployment can be initiated and completed in as little as 5-minutes , with no disruption to mail flow , via inline , API or multi-mode . It saves a lot of time !
4 . Contextual : Analyses content , context and social graphs of email communications to stop “ needle in the haystack ” email threats like long-con BEC and vendor invoice fraud .
5 . Comprehensive : Covers the full range of email attack types ( URLs , payloads , BEC ), vectors ( email , web , network ) and attack channels ( external , internal , trusted partners ). •
Bashar Bashaireh , Managing Director , Middle East and Turkey , Cloudflare
INTELLIGENT TECH CHANNELS 13