Atif Mushtaq, SlashNext Founder & CEO: Beware of Credential-Stealing Phishing Scams

By Gabriela Vatu / July 31, 2019

More often than not, security solutions online try to do a little bit of everything, without necessarily excelling at some of the key security flaws we encounter. Because like it or not, we're our own worst enemy in terms of security because we're quite happy to click on anything and everything and fall victims to phishing attacks.

Well, SlashNext is a company that focuses exactly on phishing attacks and tries to help anyone and everyone block such attempts, even when they're not outright dangerous to the untrained eye. Atif Mushtaq is the company's CEO and founder and he agreed to have a chat with TechNadu about the dangers we all face online, the trends he sees in phishing attacks nowadays and how to stay safe online. Here's our interview!

TechNadu: You've been in the security business for a long time now. Tell us more about your career and your path through founding SlashNext.

Atif Mushtaq: Before founding SlashNext, I spent nine years as a senior scientist at FireEye as one of the main architects of its core malware detection system. My role involved working regularly with law enforcement and other global agencies to take down some of the big malware networks at the time, including Rustock, Srizbi, Pushdo, and Grum botnets.

Working at an intrusion detection vendor I realized that direct OS and system exploits were becoming less common while exploiting the human attack surface was becoming more common via more sophisticated attacks and new vectors beyond traditional phishing emails. I saw that little innovation was taking place to mitigate the advanced social engineering techniques that the leading phishing rings had moved on to, so I wanted to develop a better method for phishing URL detection. That's why I founded SlashNext and pioneered using virtual browsers in a purpose-built cloud to dynamically inspect page contents and server behavior to get clues about the site versus outdated domain reputation-based techniques.

TechNadu: SlashNext stands out from the crowd because you're not trying to take on all aspects of security, but you're focusing on phishing. Why did you choose this strategy?

Atif Mushtaq: Multiple studies have shown phishing is the leading cause of breaches across various industries, and the attacks move faster than ever. Most threats last only a few hours and attacks can reach employees anywhere they can access a link. Unlike malware and exploits, phishing and social engineering represent a much broader category of the threat landscape. These attacks are not bound by a fixed set of rules and thus cannot be identified by a simple signature or static set of if-then-else sandbox rules. The end goal of a phishing attack is to trick the target into clicking on something malicious or giving up their valuable information, often using plain HTML. There's no exploit, no malicious JavaScript, no executable – just natural language and graphical objects in an HTML-based attack.

The threat landscape for 2019 and beyond is evolving due to new types of phishing and social engineering attack vectors and methods, morphing beyond phishing emails with malicious attachments to penetrate organizations through browser-based attack vectors designed to trick users into divulging sensitive information, or install man-in-the-browser 'snoopware' to run stealthily in the browser memory. CSOs and security managers must focus attention on the growing number of threats that leverage malicious sites, regardless of the attack vector.

TechNadu: Tell us something about the technology behind SlashNext - What makes it different or better from other similar tools available on the market?

Atif Mushtaq: Even with training, users are quick to open, click, and act on phishing bait and social engineering attacks, which is why the race against time is so important for protection and response. The key to protecting against fast-moving phishing attacks is to stop them at their common point of delivery, which is increased from the Web. This requires a system designed from the ground up to detect and block Web-based, zero-day phishing attacks. Anti-phishing solutions that use URL analysis, domain inspection, and other passive techniques are easily evaded by hackers.

Our solution gives IT security teams the broadest machine-readable threat intelligence covering all major categories of phishing and social engineering threats live on the Web. We are proud to have the industry's first and only phishing-focused threat intelligence solution that covers the six major threats including credential stealing, scareware, rogue software, phishing exploits, social engineering scams, and phishing callbacks.

Companies have already invested in multi-level security defenses including NextGen AV, firewalls, SEGs, endpoint protection, and others, so SlashNext enables these existing technologies to block zero-hour threats with dynamically generated threat intelligence. Key partnerships like our work with ThreatQuotient make it easier for customers of these popular threat intelligence platforms to access our live phishing threat intelligence to better protect their organizations from the daily onslaught of attacks.

Outdated threat intelligence that comes from poorly refreshed or updated blocklists and lack of operationalization is simply not useful for protecting against new zero-hour threats.

TechNadu: What exactly is SlashNext SEER? How do these virtual browsers you deploy work?

Atif Mushtaq: Our main technology under the hood is called Session Emulation and Environment Reconnaissance (or SEER) that detects phishing threats that evade more traditional anti-phishing methods that rely on URL inspection and domain reputation analysis. SEER does this by using virtual browsers to dynamically inspect page contents and server behavior in a purpose-built cloud to definitively detect phishing sites in real-time and with extreme accuracy. By dynamically inspecting page contents and server behavior together with patent-pending machine learning algorithms, SlashNext can detect a wider range of phishing threats in real-time with exceptional accuracy and near-zero false positives. This results in more comprehensive, definitive and timely threat intelligence on live phishing threats.

TechNadu: What are some of the most commonly encountered phishing strategies you've seen lately? What should we keep an eye out for?

Atif Mushtaq: A popular phishing method we see all the time in many different forms is credential-stealing scams, mainly targeting login data that can be used to gain access to applications, networks, and ultimately valuable corporate data. Man-in-the-middle (MiTM) attack is an example of a popular method hackers use to obtain credentials. One of the reasons credential stealing is growing as a phishing threat is a fact that it targets and exposes human fallibility, the weakest link in the network security equation. Unlike malware or rogue software, credential stealing can bypass the traditional phishing protection tools and security software to target the human element.

This is why you should ask yourself how many times you use the same login credentials for different sites and applications, and you'll see that phishing threat actors can steal credentials once and likely use it at multiple locations.

Credential theft can come from fake login pages for popular cloud services, file sharing between "friends" you don't recognize, or spear-phishing attempts to get hold of critical records from healthcare organizations or financial firms. Always be sure to question any suspicious emails asking to reset passwords or a browser pop-up that asks to confirm your data, even web searches to login to your existing cloud accounts could be a spoofed web address trying to steal your data.

TechNadu: What other big security threats do you see right now aside from the everlasting and everchanging phishing campaigns?

Atif Mushtaq: Browser extension vulnerabilities and other rogue software programs or apps are posing a huge problem. We took notice recently when a major flaw had been found in a popular browser extension for Chrome, where a cross-site scripting vulnerability in the extension would have permitted attackers to bypass Chrome's same-origin policy (SOP) and included a flaw that could have potentially allowed hackers to access active sessions of other websites in the same browser. Even though browser extensions act like web applications, they aren't always bound by the SOP that normally prevents web apps from accessing data from other web applications. This reinforces the need for employees and security organizations to be aware of the possible danger's browser extensions can present.

So? What do you think? How careful are you about phishing? Let us know in the comments section below! Share the interview with friends and family and follow TechNadu on Facebook and Twitter for more tech news, interviews, guides, and reviews.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: