More Than Half of Phishing Scams Now Use Obfuscation>
– Stu Sjouwerman
The annual Phishing Threat Trends Report by Egress reveals concerning trends in phishing attacks that should worry organizations.
The report shows that phishing campaigns have become more sophisticated and effective with the use of obfuscation techniques.
This year, the percentage of phishing emails employing obfuscation techniques increased by 24.4%, with 55.2% of cybercriminals utilizing these tactics.
As a result, Microsoft cybersecurity defenses have been bypassed by a 25% year-over-year increase, and phishing emails are now 29% more successful in fooling secure gateway products.
Threat actors are attempting to chain multiple obfuscation methods together to achieve greater success in their attacks.
The most widely used obfuscation technique identified in the report is HTML smuggling, which accounts for 34% of obfuscated phishing emails.
By distributing malware that appears dormant and hiding it within the raw source code of an HTML page, hackers make it challenging for network-based cybersecurity tools to detect.
The report also points out that artificial intelligence (AI) tools are not effectively detecting obfuscation techniques.
Threat actors are taking advantage of AI to launch their phishing campaigns, while tools designed to detect AI-generated phishing emails are unreliable in 71.4% of cases.
These findings underscore the importance of educating end users through new-school security awareness training.
By providing guidance on how to spot and report malicious attacks, organizations can empower their workforce to make smarter security decisions.
The report recommends KnowBe4 as a trusted platform for strengthening security culture and reducing human risk, as over 65,000 organizations worldwide rely on it for end-user education and security awareness training.
Link: https://blog.knowbe4.com/cyberheistnews-vol-13-41-risky-new-data-more-than-half-of-phishing-scams-now-use-obfuscation