Highlights:

  • Egress reports a 24.4% increase in phishing emails in 2023 that employ obfuscation methods to avoid detection.
  • The company’s report warned that artificial intelligence tools are making it easier for hackers to launch phishing campaigns.

According to new research from Egress Software Technologies Ltd., hackers are employing more elaborate strategies to get phishing emails past businesses’ cybersecurity defenses.

The company conducted the research for its recently released annual Phishing Threat Trends Report. London-based Egress offers an email security platform of the same name. The business says its latest report is based on phishing campaign data gathered between January and September of this year.

The report’s main finding is that phishing campaigns seem to have advanced over the previous year. Egress reports a 24.4% increase in phishing emails in 2023 that employ obfuscation methods to avoid detection. Recently, these techniques have been used in 55.2% or more of malicious emails.

Egress discovered that HTML smuggling is the most frequently used obfuscation method. The business claims that 34% of the obfuscated phishing emails it examined for its research utilized the tactic.

HTML smuggling is the practice of distributing malware in a dormant form to make it harder to find. Rather than sending a malicious program, hackers send the program’s source code as part of an HTML page that appears to be legitimate. Network-based cybersecurity tools find the code harder to detect because the malware is not assembled until it has passed through the corporate network and reached the recipient’s computer.
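Because the payload travels inside the HTML, the page itself can be inspected before delivery. The following is an added example, not taken from the Egress report or the original article: a static heuristic that flags HTML parts of an email combining several browser APIs used to rebuild a file on the recipient's machine. The indicator set, the threshold and the inert sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Assumed heuristics: browser APIs used to rebuild a file from data in the page.
INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "blob_construct": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bcreateObjectURL\s*\("),
    "legacy_save": re.compile(r"\bmsSaveOrOpenBlob\s*\("),
    "download_attr": re.compile(r"\.download\s*=|<a[^>]+\bdownload\b", re.I),
}
# A long base64-looking string literal suggests an embedded file body.
LONG_B64 = re.compile(r"[\"'][A-Za-z0-9+/=]{512,}[\"']")
THRESHOLD = 3  # assumed cut-off: distinct indicators needed to flag a part


def score_html(html: str) -> list:
    """Return the names of the indicators present in one HTML document."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(html)]
    if LONG_B64.search(html):
        hits.append("long_base64_literal")
    return hits


def scan_message(msg: EmailMessage) -> dict:
    """Map each flagged HTML part (filename, or 'body') to its indicator hits."""
    flagged = {}
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        hits = score_html(part.get_content())
        if len(hits) >= THRESHOLD:
            flagged[part.get_filename() or "body"] = hits
    return flagged


def build_sample() -> EmailMessage:
    """Constructed message: benign HTML body plus an inert, non-working attachment."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_alternative("<p>Hello</p>", subtype="html")
    inert = ('<script>var data = atob("' + "QUJD" * 200 + '");\n'
             "var blob = new Blob([data]);\nlink.download = 'invoice.zip';</script>")
    msg.add_attachment(inert, subtype="html", filename="invoice.html")
    return msg


if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Legitimate web applications also use these APIs, so a match is a reason to detonate or quarantine the attachment for review rather than proof of malice.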

Egress discovered that hackers frequently combine various obfuscation techniques to increase the effectiveness of their phishing campaigns. According to the company’s researchers, most phishing emails that actively try to avoid detection employ at least two obfuscation techniques. A single strategy is used in only 31% of these emails.

The growing complexity of tactics hackers employ to evade detection may enhance the effectiveness of phishing campaigns. In 2023, there was a 25% year-over-year increase in the number of phishing campaigns that bypass Microsoft Corp.’s cybersecurity defenses. During the same period, hackers became 29% more proficient in deceiving secure email gateway products, which enterprises rely on to prevent malicious messages from reaching their employees.

Egress examined the contents of the phishing emails and the methods hackers use to deliver them. The business discovered that links containing malware make up most of the malicious payload in phishing emails. Egress found that 45% of the messages it examined had links to malicious websites.

The business issued a warning in its report that phishing campaigns are becoming easier for hackers to launch with the help of artificial intelligence tools. One particular challenge is the development of large language models that can generate text automatically. According to Egress, 71.4% of the time, tools meant to identify AI-generated phishing emails are unreliable or completely ineffective.

Jack Chapman, vice president of threat intelligence at Egress, said, “Without a doubt chatbots or large language models lower the barrier for entry to cybercrime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone.”

The business also assessed so-called graymail: bulk emails that were solicited, such as advertisements. According to the company, such messages comprise 34% of all email traffic. Egress asserts a “direct correlation” between the quantity of graymail a user receives and the amount of incoming phishing emails.