Like Phish in a Barrel - NoHack Testing Results

By Rick Deacon on April 9, 2018

The Update

We’re very proud to announce that we recently published a brand new version of Apozy NoHack Enterprise Edition(EE) for our customers. We’ve worked very hard on the technology behind it and we now detect malicious pages in real-time with zero latency. Our technology relies on the visual analysis of a page combined with both proprietary and industry standard checks to accurately predict when a site is harmful.

The Test

We conducted many tests to prove NoHack EE works as intended. To determine false negative rate, we used the real-time submission of phishing links via PhishTank. PhishTank ingests URLs submitted by their user-base for review then determines if they're malicious. If proven malicious, they're added to a phishing filter list, for use in other phishing prevention products. This process, while quick, relies on a manual process and is not efficient when it comes to spearphishing attacks, which target the here and now.

Our test consisted of browsing to 400 of the latest sites being submitted to PhishTank. They had not been verified or added to the filter list yet. We disabled Chrome’s built-in security measures to rely on Apozy NoHack exclusively.

When Apozy identifies a site that’s malicious, it makes the page read-only. Read-only, in our case, is defined as preventing typing(losing credentials), downloads(malware), uploads(losing sensitive information), and background scripts(exploits). The page also alerts the user that it is in read-only mode, as you can see below.

The Results

Some of the sites that we reviewed were confirmed as NOT being phishing but rather just improperly configured static sites. We’ve excluded those from the results to ensure a more accurate outcome.

Out of the 400 sites we confirmed as being phishing, Apozy successfully detected and locked 99.5% of them. That means 2 sites were not locked in our testing. Those 2 sites, coincidentally, were not phishing for credentials. They were requesting specific details about the person. This information, while valuable to an attacker, does not pose an immediate risk. The pages were also in Spanish. While Apozy does support ALL languages, this seemed to be a very specific attack targeting just information from a small demographic of users.

NoHack's native browser isolation utilizing real-time perceptual detection now touts a 99.5% effectiveness rate.

Conclusions

The 400 sites proved to be an excellent test of Apozy’s new detection algorithm. We’re very pleased with the results and are very excited to pass this technology on to our existing and future customers.

If you'd like more information about Apozy NoHack, sign up on https://www.apozy.com or send me an email - rick@apozy.com.


Author picture

by Rick Deacon


About Apozy

Founded in April of 2014 in San Francisco, we are a venture-backed motley crew of passionate hackers building cybersecurity technologies to make the world's information faster, cleaner and safer to access.