[Risky New Data] More than Half of Phishing Scams Now Use Obfuscation

Obfuscation Attack Phishing A new report shows staggering phishing trends using obfuscation techniques that should make any organization feel worried.

In Egress's annual Phishing Threat Trends Report, new data was collected from January to September of this year with some key findings I want to highlight:

Phishing Campaigns Have Become More Sophisticated and Effective

Since obfuscation techniques were implemented the percentage of phishing emails increased by 24.4% this year, and now 55.2% of cybercriminals are using these tactics in their phishing emails.

Because of this, Microsoft cybersecurity defenses were bypassed by 25% year-over-year, and phishing emails are 29% more effective at fooling secure gateway products. One strategy bad actors are trying to execute in their attacks is chaining together multiple obfuscation methods to be successful.

The Most Widely Used Obfuscation Technique is HTML Smuggling

Research shows that 34% of obfuscated phishing emails analyzed use the HTML smuggling technique. Hackers distribute malware to appear dormant to make it more difficult to identify. As a result the HTML page with the raw source code is really malware, which is why it's so difficult for network-based cybersecurity tools to spot.

AI Tools Are Not Detecting Obfuscation Techniques

Egress also cautioned that artificial intelligence tools are being taken advantage of by threat actors to launch their phishing campaigns. On the other side of the coin, tools designed to detect AI-generated phishing emails are unreliable or don't work in 71.4% of cases.

In a statement by Jack Chapman, VP of Threat Intelligence at Egress, “Without a doubt chatbots or large language models lower the barrier for entry to cybercrime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone,”

These findings highlight the importance of educating your end users with new-school security awareness training. End-user education is the only way these types of obfuscation attacks can be stopped with helpful tips to spot and report these types of malicious attacks.

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

SiliconANGLE has the full story.

Live Demo: Supercharge Your Anti-Phishing Defense with PhishER Plus

Email alone is the highest cause of data breaches and 56% of all attacks bypass your legacy security filters! The upshot? Legacy email security layers let these digital time bombs slip into the inboxes of your users. Introducing PhishER Plus - the most powerful anti-phishing protection available in the world.

To learn how we can make such a claim, get a product demonstration of the new PhishER add-on, PhishER Plus. In this live one-on-one demo we will show you how you can:

Block email threats that have bypassed all other email security filters or systems before they reach your users’ mailboxes with the Global Blocklist

Isolate malicious emails that already bypassed your mail filters through automated quarantine with Global PhishRIP

Crowdsource threat intelligence from 10+ million KnowBe4 trained users

Save time and budget by reducing the volume of remediation efforts handled by your SOC Team

Leverage the power of triple-validated threat intelligence to protect your organization from new attacks