SlashNext Launches New APIs to Thwart Phishing Attacks Faster


After a busy year of phishing scams, organizations should brace for more elaborate scams as hackers have gone beyond credential stealing and corporate email to scare tactics. To tackle this growing threat, California’s SlashNext has launched three AI-based APIs to improve lookup, scanning, and forensic techniques to stop phishing attacks faster.

In 2020, phishing — one of the oldest types of cyberattacks moved beyond credential stealing and corporate email to scare tactics and massive social networking scams. Earlier, phishing attacks were easy-to-spot emails that attempted to trick users with fake login pages or scams, but the global health crisis significantly changed the phishing landscape.

California-headquartered SlashNextOpens a new window , the anti-phishing security vendor, says there has been a 3,000% increaseOpens a new window in the number of phishing attacks since everyone began working from home, and the trend is expected to continue in 2021.

SlashNext Threat Labs detect around 45,000 new phishing attacks a day, many of which have moved beyond corporate email and simple credential stealing. These attacks can evade email phishing defenses that rely on static, reputation-based detection. SlashNext researchers found 50-75% of attacks evade conventional lines of defense to compromise the network.

Patrick Harr, CEO of SlashNext, told Toolbox, ”Magnify this by over 300,000 new phishing threats a week, which is more than double the number of threats versus last year, and we can safely say we have a massive problem.”

Why Phishing Attacks Are Successful

Phishing attacks are particularly effective because they prey on human logic and emotion. The more a bad actor knows about you, the more likely it will be effective. Beyond the commonly understood phishing schemes, there has been a dramatic increase in attacks across business collaboration platforms, including Zoom, Skype, Teams, Box, Dropbox, and Slack.

Mobile devices are particularly vulnerable — SlashNext Threat Labs reports a 600% increase in SMishing attacks in 2020 versus 2019. There is also a rise in mobile-specific attacks on social networking sites and even in multi-player gaming platforms. Harr expects phishing attacks to continue to grow across all communication channels, seeking a backdoor into corporate resources via remote workforces.

2021’s Biggest Security Threat —  Phishing

SlashNext anticipates an explosive growth in the number and types of phishing attacks in 2021. Cybercriminals are increasingly using legitimate commercial infrastructure sites to avoid detection and host a growing number of phishing attacks, making them harder to stop. Hackers are employing phishing emails that contain links to legitimate cloud providers – including AWS, Azure, Alibaba, Google – that are hosting phishing sites. The initial URL is legitimate, and as such, most URL filtering tools and block lists will not catch them. Once clicked, the URL is redirected to a phishing page that is hosted elsewhere. “Over the last 30 days, 40% of company users were phished, according to live data we compiled across more than 100 large and mid-sized enterprises,” Harr said.

AI Can Thwart Phishing Attacks

It’s time for newer defenses against widespread phishing attacks. Harr reveals around 50-75% of phishing attacks still break through undetected in legacy 1.0 phishing products that rely on block lists and human forensics.

“SlashNext’s AI-based phishing defenses can detect and block 99.07% of all phishing attacks. This means that we catch the majority of phishing attacks that are undetected, hours or even days before vendors using 1.0 phishing techniques,” he added.

The company’s AI-driven phishing protection goes beyond legacy 1.0 tactics like domain reputation, URL inspection, and human forensics to detect unknown, zero-hour threats that are missed by URL inspection and domain reputation methods.

“We do this by scanning billions of URLs and by leveraging virtual browsers, natural language processing, computer vision, and behavioral analysis. More specifically, SlashNext’s patented SEER technology brings cloud-scale resources to real-time, multi-vector, multi-payload phishing threat detection,” he said.

To help organizations address phishing and social engineering attacks that go beyond fake login pages or URL obfuscation, SlashNext rolled out version 2.0 of its Real-time Phishing Defense APIs. The APIs are focused on catching advanced phishing email threats across multiple communication channels, which are increasingly becoming commonplace in today’s cybersphere.

Security operations and incident response teams can leverage the solution for online brand protection, detection, and speed-up the process of taking down malicious sites targeting the organization. SlashNext AI phishing defense offers several playbooks that can save infosec teams hundreds of hours per week managing corporate brand abuse inboxes. Meanwhile, security researchers can leverage SlashNext on-demand, real-time phishing threat intelligence available as a cloud-powered, API-based service for dynamic analysis of a suspicious IOC, domains, hosts, and IPs.

Let us know if you liked this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!