In Egress's annual Phishing Threat Trends Report, new data was collected from January to September of this year with some key findings I want to highlight:
Phishing Campaigns Have Become More Sophisticated and Effective
Since obfuscation techniques were implemented the percentage of phishing emails increased by 24.4% this year, and now 55.2% of cybercriminals are using these tactics in their phishing emails.
Because of this, Microsoft cybersecurity defenses were bypassed by 25% year-over-year, and phishing emails are 29% more effective at fooling secure gateway products. One strategy bad actors are trying to execute in their attacks is chaining together multiple obfuscation methods to be successful.
The Most Widely Used Obfuscation Technique is HTML Smuggling
Research shows that 34% of obfuscated phishing emails analyzed use the HTML smuggling technique. Hackers distribute malware to appear dormant to make it more difficult to identify. As a result the HTML page with the raw source code is really malware, which is why it's so difficult for network-based cybersecurity tools to spot.
AI Tools Are Not Detecting Obfuscation Techniques
Egress also cautioned that artificial intelligence tools are being taken advantage of by threat actors to launch their phishing campaigns. On the other side of the coin, tools designed to detect AI-generated phishing emails are unreliable or don't work in 71.4% of cases.
In a statement by Jack Chapman, VP of Threat Intelligence at Egress, “Without a doubt chatbots or large language models lower the barrier for entry to cybercrime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone,”
These findings highlight the importance of educating your end users with new-school security awareness training. End-user education is the only way these types of obfuscation attacks can be stopped with helpful tips to spot and report these types of malicious attacks.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
SiliconANGLE has the full story.