The use of JavaScript to obfuscate phishing pages increased by 70% in the ten months between November 2019 and August 2020, according to researchers at Akamai. Attackers use this technique to make it harder for security technology to detect their phishing sites. The vast majority of this activity involves content escaping (or URL encoding), but other less common techniques have skyrocketed.
“The research focused on five obfuscation techniques that were explained in our previous blog,” Akamai says. “There was a significant increase in four of the monitored techniques between November 2019, and August 2020. The techniques that increased the most during the recorded period are content escaping obfuscation techniques (72%), Base64 encoding (800%), hex encoding variable name obfuscation (86%), and eval execution obfuscation (400%).”
The researchers note that this activity began rising dramatically around the beginning of May 2020, which Akamai believes was due to an increase in phishing activity due to the pandemic.
Most of the impersonated brands were in three sectors: high technology (29.2%), financial (21.4%), and social media (20.6%). Phishing scams impersonating media, e-commerce, and dating companies were also common.
Akamai believes these techniques will grow more common as attackers try to stay ahead of the security industry.
“We anticipate the use of JavaScript obfuscation techniques will continue to be adopted, as those techniques give the upper hand to threat actors and enable phishing and scamming websites to become evasive and undetected, thereby increasing these scams' efficiency,” the researchers write. “Moreover, we believe that, as the human factor is still considered the weakest link in the chain, educating and creating awareness of such scams and evasion techniques should guide us as we move forward. In addition, we believe that security controls need to be able to detect and eliminate such evasive techniques.”
New-school security awareness training can enable your employees to thwart the phishing attacks that don’t get blocked by technical solutions.
Akamai has the story.
Here's how it works:
