Vade announced that it has been awarded a new patent by the US Patent and Trademark Office (USPTO). Vade's latest patented invention is a new method of
preventing phishing kits from initiating defensive actions when examined by URL scanning technology.
This new method of subverting defensive actions from phishing kits is incorporated into all of Vade's products and paves the way for better phishing detection and prevention. "Vade's latest patent," said Sébastien Goutal, Chief Science Officer at Vade and co-inventor, "is part of our ongoing research and development strategy of identifying new attack techniques and developing innovative technologies to protect businesses and consumers."
Background on phishing kits
A phishing kit is an electronic package that contains a complete phishing website in an easy-to-deploy format. Phishing kits are commonly sold on the dark web and offered for sale by cybercriminal groups, either for a one-time-fee or as part of a subscription service. "In some cases," said Goutal, "phishing kit developers offer their kits for free but with a hidden backdoor. They can collect and sell the user credentials harvested by the wannabe fraudsters who deploy the kits."
Phishing kits have become more complex over time, and now include cloaking mechanisms to thwart URL scanning technology. To defend itself against detection from a security vendor, a phishing kit can detect an incoming HTTP connection, match the IP address to a security vendor, and trigger a defensive mechanism, such as returning a client or server error, or redirecting to legitimate webpages or search engines. These mechanisms can deceive a URL scanner and allow a phishing kit to go undetected, paving the way for a successful phishing attack.
Limiting phishing kits' defensive actions
Vade's invention is a method of determining the best scanning parameters by analyzing the electronic message that contains the malicious URL. These scanning parameters may then be used to scan a suspect URL with a reduced likelihood that a defensive action will be taken to hide the existence of the malicious content pointed to by the URL.
"Phishing kits are highly sophisticated and designed to trigger phishing pages only under certain conditions," said Goutal. "Not only does this help cybercriminals evade detection, but it also ensures that their content is displayed only to targeted users, such as those in certain countries or those using certain devices. This new technology helps us to identify without any delay a new phishing attack and quickly incorporate this threat intelligence collected into all our products and services."
Vade's newly patented technology is built into IsItPhishing.AI, Vade's web scanner. Threat intelligence gathered by IsItPhishing.AI is incorporated into all of Vade's products, including the Vade Filter Engine, Vade for M365, Vade Cloud, and Vade MTA Builder.