Endgame Ends Document-Based Phishing Attacks With Machine Learning
First and only machine learning model closes critical entry point for cybercriminals with 99 percent efficacy
ARLINGTON, Va., July 30, 2018 – Endgame, the first endpoint protection platform to deliver the stopping power of a world-class SOC in a single agent, today announced that it has enhanced its platform to end the threat of document-based phishing attacks. MalwareScore, a host-based machine learning technology, now has the capability to identify and block known and never-before-seen malicious Microsoft Office documents pre-execution with 99 percent efficacy.
Phishing is the third most prevalent cyber attack resulting in information breaches, with approximately 70 percent of breaches associated with nation-state or state-affiliated actors involving phishing, according to the Verizon 2018 Data Breach Investigations Report. The report also notes that two-thirds of phishing emails include malware. The recent indictment of 12 Russian intelligence officers suspected of playing a role in the hack of the Democratic National Committee before the 2016 U.S. election notes that phishing played a major role in their strategy. Phishing attacks that delivered malicious payloads also targeted this year’s World Cup in Russia and the Pyeongchang winter games.
“It’s important to remember that phishing is just the beginning of a long attack chain that can lead to a major breach, not a final attack. Payload-driven phishing attacks give attackers the foothold they need to access the internal network. From there, they can perform reconnaissance, move laterally, and take actions to find and exfiltrate sensitive data or worse,” said Mark Dufresne, vice president of threat research and prevention at Endgame. “That is why Endgame is tackling this issue head on to stop hackers from ever gaining that foothold. Strong machine learning models are necessary to protect businesses from new and unknown malicious macros, which is where signature-based solutions fail.”
Available in the Endgame 3.0 release, MalwareScore is part of a multi-layer approach that includes automated tradecraft analytics and orchestration to prevent the attack, quarantine the file or host, and orchestrate cleanup across all endpoints and mail servers on the network.
Consistent with our commitment to transparency, the updated machine learning model is running publicly in Google’s VirusTotal where it is helping security teams determine whether documents are malicious.
“The endpoint is the only place to prevent cyber attacks with certainty, because it is there that adversaries expose themselves, making it easier to find malicious activity early and reduce the cost of incident response investigations on the whole network,” said Mike Nichols, vice president of product management at Endgame. “This unique extension of MalwareScore resides entirely on the endpoint, ensuring complete protection of the mobile and disconnected workforce with zero end user impact. This update adds another layer of prevention to our comprehensive protection based on the MITRE ATT&CK matrix, bringing Endgame another step closer to being the last agent you will ever need.”
The researchers who invented the updated machine learning model for MalwareScore will be available for meetings during the Black Hat Conference Aug. 8-9 to give live demonstrations of the new capabilities. Meet them at the Endgame booth #1328 in the Business Hall in Shoreline throughout the conference. Schedule an onsite demo here and learn more about MalwareScore on our website here. To read about the threat landscape and how Endgame 3.0 addresses the problem you can read more here, while you can learn more about how Endgame is using machine learning to end document-based phishing attacks here.
Endgame's converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before information theft. Endgame unifies prevention, detection, and threat hunting to stop known and unknown attacker behaviors at scale with a single agent. For more information, visit www.endgame.com and follow us on Twitter @EndgameInc.
Highwire PR for Endgame
415-963-4174 ext. 26