be  used  to attack  any  business,  organisations of  all  kinds  need  to check  they are  comprehensively
            protected.

            Of course, awareness and training are the first port of call when combating phishing attacks – something
            that many organisations already know about and implement. According to one study, 84% of respondents
            conduct regular training to help staff understand phishing and reduce victimisation rates.

            However, with threat actors becoming increasingly smart with their campaigns, it is important that firms
            go a step further, embracing a variety of policies, tools and technologies to develop multi-layered security
            strategies capable of bolstering defences against modern threats.

            Here,  we  recommend  technologies  like  HEAT  Shield  that  can  help  protect  users  from  credential
            harvesting and account compromise. Not only can it cut off the attack vector from the initial access stage,
            but also it can redefine the way in which security is implemented, enforcing a proactive approach to deal
            with such highly evasive threats.

            In the case of the Indeed.com attack, the technology successfully detected the phishing site using AI-
            based detection models to analyse the rendered web page prior to any URL reputation service and other
            security vendor flagging the page as malicious. During this process, it also generates zero-hour phishing
            detection alerts, providing greater visibility and context of threats to security and SOC analysts.

            The Indeed.com campaign is just one reminder among many of the importance of constantly evolving
            and enhancing security strategies to stay one step ahead of increasingly sophisticated threat techniques.





            About the Author

            Brett Raybould - EMEA Solutions Architect, Menlo Security. Brett is passionate
            about security and providing solutions to organisations looking to protect their most
            critical assets. Having worked for over 15 years for various tier 1 vendors who
            specialise in detection of inbound threats across web and email as well as data
            loss prevention, Brett joined Menlo Security in 2016 and discovered how isolation
            provides a new approach to solving the problems that detection-based systems
            continue to struggle with.




















            Cyber Defense eMagazine – December 2023 Edition                                                                                                                                                                                                          57
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.