File-borne attacks are on the rise, and 80% of successful breaches are new, unknown, or zero-day attacks that are not recognized by traditional signature-based detection solutions, such as antivirus. An example of this is an April 2020 attack that delivered Dridex ransomware to FedEx, UPS, and DHL customers. Sophisticated phishing emails, cleverly disguised to appear to be from company email accounts, were sent with legitimate-looking attachments that delivered the payload. This threat's signature was not recognized in antivirus databases for 2 entire days, leaving the businesses vulnerable.
In the past, detection and alert-based security tools were best-in-class. But in a world of zero-days and an overwhelming number of attacks, these solutions miss massive quantities of threats (as much as 40%), leaving security teams fighting both alert fatigue and new threats from all fronts.
In this talk, Brent Hansen, Thales TCT's CTO, and Richard Hosgood, white hat hacker and North American Director of Engineering at file security company Votiro, dissect the April 2020 phishing attack, the gaps that antivirus and next-generation antivirus leave for unknown and zero-day threats, and how an emerging technology called Positive Selection technology can prevent these types of attacks.