The challenge of protecting your organization, assets, and employees from digital risks is becoming more difficult every day. The volume of information available on the internet is massive and still growing. By some estimates, digital online data doubles in size every two years, representing vast opportunities for businesses and hackers alike.
With so much content available for users to consume, digital engagement has become increasingly visual to attract attention. Marketing teams now rely on images and video to drive leads and generate clicks; today, video marketing makes up 21% of all brand posts on social. The same type of engagement that marketing teams use to legitimately grow businesses is, unfortunately, also popular with bad actors looking to grow their own ‘businesses’. Attackers can compromise images and videos to embed malware, scam customers, redirect users, etc. This growth in sharing and connecting via visual information multiplies the risk as people share more broadly and openly with their network. How can you take advantage of the opportunities digital engagement offers, particularly in image and video marketing, while limiting the risk that different digital platforms introduce? ZeroFox recently released new Artificial Intelligence tools to help combat these risks and more.
Creating an Artificial Intelligence Toolbox
First, recognize that this isn’t a task that a single security manager or even a robust security team can handle alone. Manually sorting through and analyzing millions of posts, images, videos and sites would take days or months, or might not be possible at all given the total number of images available online. Instead, these risks are best addressed through Artificial Intelligence (AI) solutions.
There are a number of AI tools that help security teams search, identify, and prioritize the largest threats to your organization. A successful security program and strategy involves using multiple tools and capabilities together to effectively prioritize the most critical digital threats.
ZeroFox’s new features provide comprehensive AI capabilities for efficient and effective risk identification. A strong Artificial Intelligence toolbox includes a combination of Computer Vision and Natural Language Processing (NLP) tools:
Computer Vision
Uses computers to extract meaning from visual mediums (images, video, etc.). Some key computer vision capabilities are:
- Optical Character Recognition (OCR): extracting text from images
- Image Comparison: detecting the similarity between images
Without a tool like Computer Vision, there’s a significant risk of missing out on clear indications of threats. Oftentimes an image itself is the only indication of a threat within a post, either in the case of the text within that image or the suspicious use of images altogether.
Natural Language Processing
Uses computers to understand and interpret human language. Some key capabilities in this area are:
- Sentiment Analysis: detecting the type and “amount” of negative sentiment present in text
- Malicious Link Detection: malicious web link identification
- Scam Detection: assessing the presence of a digital scam
The use of Natural Language Processing saves time and helps to eliminate false positives that are often found through simple word matching. NLP provides deeper analysis than word matching alone, taking into account the context of the message.
Together, ZeroFox’s new Artificial Intelligence techniques can be used successfully to identify and remediate potential risks based on different use cases that many organizations face today.
Early detection of information leakage is critical for securing intellectual property
Intellectual property (IP) is one of the most valuable things that any organization possesses. Not only is IP one of the most sought-after targets for bad actors, but employees and contractors can also leak it accidentally. It’s estimated that IP theft costs U.S. companies as much as $600 billion per year, according to the Theft of Intellectual Property Commission. While there are numerous ways that ZeroFox can protect you against IP leakage, this example will highlight how ZeroFox’s computer vision techniques could work.
Jim is a salesman at ACME Corporation. He’s in a rush to upload a slide deck and video he made so that potential customers can see his presentation. However, because Jim is in a hurry, he accidentally uploads the internal-only slide deck that details ACME Corporation’s sales plan for the next year instead of his presentation slide deck. Below is the first slide from that deck.
The ZeroFox platform detects that something has been uploaded, and then detects that there is an image. Using computer vision techniques, ZeroFox examines the slide deck. For the first slide in the deck, the following detection is made:
Actual detections produced by ZeroFox’s OCR model
This detection triggers an alert that something has been uploaded that contains the text “ACME Corporation”, “Proprietary”, and “Confidential”. ACME Corporation security analysts receive the alert, request a takedown through ZeroFox’s platform, and notify Jim that he needs to be a little bit more careful next time when uploading documents to public spaces.
According to one study, 87% of firms view employees like Jim as the greatest cyber risk to their business. Early detection of information leakage is critical for securing intellectual property, keeping customer information safe, and protecting strategic plans from getting into the hands of competitors.
Phishing Attacks detected by screen OCR analysis
Phishing attacks are one of the most popular attack vectors among bad actors, costing organizations $1.6 million per incident on average. Bad actors continue to grow more sophisticated and are better able to mirror the sites that users rely on to access web-based services. However, as users become increasingly aware of common attack vectors for phishing attacks, such as email, bad actors are evolving and moving to other digital mediums such as social networks to launch targeted phishing attacks.
Take, for example, the following scenario, where a link comes into ZeroFox’s platform for ACME Corporation. ACME Corporation uses Google’s G Suite for their business productivity apps. Bad actors are aware of this, and develop a phishing site to mimic ACME Corporation’s login screen to harvest ACME Corporation’s employees’ credentials in order to gain a foothold in ACME Corporation’s internal network. The bad actors locate employees in ACME Corporation’s accounting department via LinkedIn and send targeted phishing messages with a link to the phishing site to those employees.
When the phishing message enters ZeroFox’s system, the presence of a web link is detected and the link is assessed using ZeroFox’s Malicious Link Detection machine learning model. This model decomposes the web link and is able to determine that it is a malicious link. Now that ZeroFox has made a determination that the link is potentially malicious, ZeroFox’s automated bots go out to the link and take a screenshot of the website, which looks similar to the actual phishing site below:
Image taken from https://www.phishtank.com/phish_detail.php?phish_id=5936321
That screenshot flows back into ZeroFox’s platform and ZeroFox’s OCR capability detects and extracts the following text:
Actual detections produced by ZeroFox’s OCR model
ZeroFox now knows that this is a potentially malicious link that mimics a Google login page but is not hosted on a Google or ACME Corporation domain. This information, when put together, strongly indicates that this site is a phishing site, and ZeroFox triggers an alert indicating that ACME Corporation should add this web link to their corporate blacklist.
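The correlation described in this scenario can be sketched in a few lines of Python. This is an added example, not ZeroFox's code: the domain allowlist, the brand and sign-in term lists, the sample OCR text, and the `link_model_flagged` boolean standing in for the link model's output are all assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains where a Google/ACME sign-in page is legitimately hosted.
ALLOWED_DOMAINS = {"google.com", "acme.example"}
# Assumption: brand and sign-in vocabulary expected in OCR output of a login page.
BRAND_TERMS = {"google", "acme"}
LOGIN_TERMS = {"sign in", "password", "email or phone", "forgot password"}


def host_is_allowed(url, allowed=ALLOWED_DOMAINS):
    """True only if the URL's host is an allowed domain or a subdomain of one."""
    # .hostname drops any "user@" prefix, so "google.com@other.host" resolves
    # to the real host rather than the decoy in the userinfo part.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Compare on label boundaries: "google.com.login.example.net" and
    # "notgoogle.com" must not match "google.com".
    return any(host == d or host.endswith("." + d) for d in allowed)


def normalize(ocr_text):
    """Collapse OCR line breaks and casing so phrases match across lines."""
    return " ".join(ocr_text.lower().split())


def assess(url, ocr_text, link_model_flagged):
    """Combine the three signals from the scenario into one verdict."""
    text = normalize(ocr_text)
    brands = sorted(b for b in BRAND_TERMS if b in text)
    login = sorted(t for t in LOGIN_TERMS if t in text)
    mimics_login = bool(brands) and bool(login)
    off_domain = not host_is_allowed(url)
    if mimics_login and off_domain:
        # Brand login page on a foreign host: alert if the link model agrees,
        # otherwise queue for analyst review.
        verdict = "alert" if link_model_flagged else "review"
    else:
        verdict = "no_action"
    return {"verdict": verdict, "brands": brands, "login_terms": login,
            "off_domain": off_domain}


# Constructed OCR output (not taken from the page's screenshot).
SAMPLE_OCR = "Google\nSign in\nwith your Google Account\nEmail or phone\nNext"

if __name__ == "__main__":
    for u in ("https://accounts.google.com/signin",
              "http://accounts.google.com.login.example.net/",
              "https://accounts.google.com@example.net/signin"):
        print(u, assess(u, SAMPLE_OCR, link_model_flagged=True))
```

The host comparison is the part most often implemented incorrectly: a substring or prefix match on "google.com" would pass both lookalike URLs in the sample loop.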
Money Flipping Scams
One of the most common scams across many social and digital channels is known as a “money flipping” scam, where unsuspecting people are convinced by seemingly wealthy, successful individuals with “stacks on stacks” that making money is in fact quite easy, contrary to public opinion. All you have to do is trust them. Serious inquiries only.
As with most things, if it seems too good to be true, it usually is, and this case is no different. With so many variations on this scam, it can be difficult to detect without the right tools. Using Natural Language Processing (NLP) techniques, ZeroFox is able to detect posts and comments that contain money flipping scams. However, critical information is often contained within images, making OCR an important tool in detecting these types of scams.
Take for example an actual money flipping scam that ZeroFox detected on Instagram. Below you can see a post that contained an image and text.
Screenshot of an actual post advertising a money flipping scam. Username and Bitcoin address redacted.
When a post like this arrives in the ZeroFox Platform, both the OCR and money flipping models go to work. The money flipping model initially runs over the text content of the post, confirming that it is a money flipping scam. The OCR model runs off the image in the post and extracts the text:
Actual detections produced by ZeroFox’s OCR model. Bitcoin address redacted.
Between the text the OCR model extracted (including such keywords as “payment”, “bitcoin”, “account”, etc.) and the detection by the money flipping model, ZeroFox determines with high likelihood that this is a money flipping scam. A takedown request is initiated and another scam ends before any damage can be done.
While digital engagement is a great way to promote a business and brand, these channels introduce risk that ZeroFox can help you to mitigate. Through the use of a sophisticated and evolving artificial intelligence toolbox, ZeroFox continues to tackle the problem of reducing your digital risk so you can continue to focus on doing what you do best.