We have been working with Pixm since early 2017 and felt their computer vision approach to detecting and stopping phishing attacks was unique and effective. Pixm recently launched their free-for-personal-use and business solutions. I conducted an interview with Pixm president and co-founder Arun Buduri and we covered the current state of phishing, how computer vision helps combat phishing and the new personal use and business offerings.
Why do we still have successful phishing attacks today, even though we have awareness training and cloud based filtering?
Before we dig into that, I want to quantify how widespread these attacks are. The phishing attack is a hacker’s most common and most favored attack vector. 93% of all data breaches today start with phishing. Two years ago, that was 91%. Moreover, 90% of all email attacks today are malware-less and involve phishing. This alarming trend, however, doesn’t mean users are ignorant of phishing attacks. To the contrary, phishing and awareness training has been around for a while and has definitely helped spread the message. However, they only help so much. Hackers use a lot of techniques to conceal their identity and these techniques are getting sophisticated by the day. Combining these techniques with targeted social engineering makes it much tougher, if not nearly impossible, for an end-user to be able to distinguish a genuine email (or a website) from a fake one.
As for cloud based filtering, most of the anti-phishing services today are deployed in the cloud, typically at the incoming email layer, filtering incoming emails containing blacklisted links, attachments, or keyword patterns matching previous phishing attacks. Over the last few years, hackers have evolved their attacks to now blacklist or block all cloud based anti-phishing services. This means when a cloud based anti-phishing service tries to access a phishing attack page, the hacker is able to identify the source of the request (as the anti-phishing service) and serve an entirely different (benign) page to avoid detection. The actual phishing attack page is shown only to an end-user upon clicking the link on their end device. This evasion technique has now transformed phishing attacks into an endpoint problem.
How is Pixm’s computer vision solution to detect and prevent phishing different from current agents and email filtering services available today?
Though we cannot claim as to what the competition is or isn’t doing, it has been widely established that they still rely on blacklisting and IP reputation techniques to stop already known phishing attacks but not brand new ones. Hence the increase in the numbers. It takes nearly 8 to 48+ hours for current anti-phishing services to blacklist a brand new phishing attack. By then, the hacker has already done the damage or has gained access into the network.
However, the success of a phishing attack relies heavily on making the fake login page look visually believable to the human eye and avoid raising red flags by the targeted victim. Pixm uses this visual aspect of the attack and doesn’t rely on blacklists. Pixm’s anti-phishing solution is installed directly on laptops and desktops and includes an agent and a browser extension that communicates with the agent. As soon as a webpage is opened in the browser, Pixm’s computer vision technology visually scans the webpage in real-time to look for branding elements and login areas, and determines if the page is trying to impersonate a brand’s login page.
Let’s take Bank of America as an example. If the visual analysis determines that the page looks like a Bank of America login page, Pixm immediately verifies that the website’s domain is one that’s authorized to display that login screen. If not, the attack is immediately shut down within the user’s browser so that the user doesn’t accidentally submit any information to the hacker. All of this deep learning computer vision analysis happens in real-time directly on the end user’s device and Pixm is the world’s first commercial desktop software to do so.
Apart from stopping phishing attacks in real-time, Pixm also verifies if a user is on the real login page of a brand by displaying a “green bar” and giving the user an added assurance that it is safe to use their credentials on the page. Pixm’s customers, especially in the finance sector, love this feature and use the “green bar” also to drive behavioral change among their employees to not log in to a webpage unless they see the bar.
How does the “in browser” approach protect users from non-email attack vectors such as from Slack, LinkedIn, Facebook and other forms of communication?
While email is among the most popular phishing attack delivery mediums, hackers do target users on other popular platforms as well. Being in the browser is really powerful for Pixm. The attack source could be a message on popular messaging platforms such as Slack, LinkedIn or WhatsApp, or a fake ad on social or search platforms. Irrespective of where the link is clicked from and as long as the page opens in a browser, Pixm’s technology will scan and shut down the attack immediately if it is determined to be a fake login page.
Does your endpoint work alongside cloud based anti-phishing solutions such as Mimecast or Proofpoint?
Yes. Pixm’s endpoint solution complements existing spam and cloud based anti-phishing solutions in protecting users and organizations in real-time at the point of click. Phishing threat intelligence generated from such endpoints will be a valuable source of real-time attack intel that could be used by cloud based solutions to stop the attack from spreading further.
What are the differences in your community and commercial offerings?
Our community offering is available for free download and protects the user from broad phishing attacks impersonating popular brands. As per APWG’s (Anti-Phishing Working Group) report, nearly 400–500 top brands are targeted each month in phishing attacks. PayPal used to be the #1 targeted brand but with the rise of Office 365, Microsoft is currently the top targeted brand. With the free version, users can stay protected from phishing attacks targeting those popular brands. We currently support the top 100 brands and will continue to add brands in subsequent updates. The free version does not track any user related information (such as user name, logged in user id etc.) and keeps the protection anonymous. We also provide free and automatic software updates.
While the free version protects users from general phishing attacks, our commercial offering protects organizations (and their employees) from targeted spear-phishing attacks by adding custom brand protection. Spear-phishing attacks are highly targeted, do not involve bulk emailing and target specific people in an organization. Pixm’s custom protection visually verifies if a customer’s brand and its login page are being used on an unauthorized domain. The commercial SKU is also a highly scalable, robust and secure solution that is fast and easy to deploy enterprise-wide (via GPO, SCCM, and others) to all endpoints. We also provide an intuitive centralized dashboard that IT and SOC Admins can use for endpoint management and deep-dive analysis of real-time phishing threat intelligence.
Where can readers go to learn more about PIXM?
You can check out our website at https://www.pixm.net and we would also love to connect personally. You can download our free version from our website and we welcome you to sign up for a Free Trial to try the product in your organization.