Endgame Ends Document-Based Phishing Attacks With Machine Learning
First and only machine learning model closes critical entry point for cybercriminals with 99 percent efficacy
Endgame, the first endpoint protection platform to deliver the stopping power of a world-class SOC in a single agent, today announced that it has enhanced its platform to end the threat of document-based phishing attacks. MalwareScore, a host-based machine learning technology, can now identify and block known and never-before-seen malicious Microsoft Office documents pre-execution with 99 percent efficacy.
Phishing is the third most prevalent cyber attack resulting in information breaches, and approximately 70 percent of breaches associated with nation-state or state-affiliated actors involve phishing, according to the Verizon 2018 Data Breach Investigations Report. The report also notes that two-thirds of phishing emails include malware. The recent indictment of 12 Russian intelligence officers suspected of playing a role in the hack of the Democratic National Committee before the 2016 U.S. election notes that phishing played a major role in their strategy. Phishing attacks that delivered malicious payloads also targeted this year’s World Cup in Russia and the Pyeongchang winter games.
“It’s important to remember that phishing is just the beginning of a long attack chain that can lead to a major breach, not a final attack. Payload-driven phishing attacks give attackers the foothold they need to access the internal network. From there, they can perform reconnaissance, move laterally, and take actions to find and exfiltrate sensitive data or worse,” said Mark Dufresne, vice president of threat research and prevention at Endgame. “That is why Endgame is tackling this issue head-on to stop hackers from ever gaining that foothold. Strong machine learning models are necessary to protect businesses from new and unknown malicious macros, which is where signature-based solutions fail.”
Available in the Endgame 3.0 release, MalwareScore is part of a multi-layer approach that includes automated tradecraft analytics and orchestration to prevent the attack, quarantine the file or host, and orchestrate cleanup across all endpoints and mail servers on the network.
Consistent with our commitment to transparency, the updated machine learning model is running publicly in Google’s VirusTotal, where it is helping security teams determine whether documents are malicious.
“The endpoint is the only place to prevent cyber attacks with certainty, because it is there that adversaries expose themselves, making it easier to find malicious activity early and reduce the cost of incident response investigations on the whole network,” said Mike Nichols, vice president of product management at Endgame. “This unique extension of MalwareScore resides entirely on the endpoint, ensuring complete protection of the mobile and disconnected workforce with zero end user impact. This update adds another layer of prevention to our comprehensive protection based on the MITRE ATT&CK matrix, bringing Endgame another step closer to being the last agent you will ever need.”