Security Concerns Grow as Study Finds 42 Percent of Email Phishing Attacks are Polymorphic
Hikvision Outlines Examples of Phishing to Prevent Malware Attack, Reduce Security Concerns
A recent study by automated phishing prevention platform provider IRONSCALES found that 42 percent of all email phishing attacks are polymorphic, creating increasing complexity and security concerns when trying to mitigate these cyberattacks, according to an article in SecurityInfoWatch.com.
From the article: “Polymorphism occurs when an attacker implements slight but significant and often random changes to an emails’ artifacts, such as its content, copy, subject line, sender name or template in conjunction with or after an initial attack has deployed. This strategic approach enables attackers to quickly develop phishing attacks that trick signature-based email security tools that were not built to recognize such modifications to threats; ultimately allowing different versions of the same attack to land undetected in employee inboxes.”
The research also found that more than 11,000 email phishing attacks underwent at least one change, or permutation. These changes enable hackers to more easily repurpose phishing emails and allowing the attacker to bypass many security tools, creating concerns.
“Polymorphic email phishing threats represent an incredibly difficult challenge for security operation center (SOC) and IT security teams to overcome. Just as security personnel think that they may have a phishing threat under control, attackers can augment the artifacts to give the message an entirely new signature, thereby enabling what is for all intents and purposes the same malicious message to bypass the same human and technical controls that might have stopped a previous version of the attack,” said Eyal Benishti, founder and CEO of IRONSCALES, in the article.
Read more about the study at this link.
Hikvision on Examples of Phishing
Hikvision’s cybersecurity director, Chuck Davis, authored several blogs on learning to recognize phishing and spear phishing emails to reduce security concerns. Here is an excerpt from his first blog in a series on examples of phishing:
“Phishing attacks have long been an effective way for attackers to trick people into divulging sensitive information or infecting a system with malware. Malware can give an attacker remote access to protected systems and networks, encrypt a user’s data and charge a ransom to decrypt the data, or use that system as part of an attack against other systems.”
Read more in “Examples of Phishing, Part II” at this link, where Davis outlines tips to avoid a phishing attack. In that article he provides the following tips from the United States Computer Emergency Readiness Team (US-CERT) to minimize your chances of becoming a victim of phishing attacks.
Top Seven Tips to Avoid Becoming a Phishing Victim:
- Filter spam.
- Be wary of unsolicited email.
- Treat email attachments with caution.
- Don’t click links in email messages.
- Install antivirus software and keep it up to date.
- Install a personal firewall and keep it up to date.
- Configure your email client for security.
Davis has also provided insights about spear phishing, a special kind of phishing attack that is targeted to a specific person or organization. Spear phishing emails typically have information about the victim in the email that makes the email seem credible.
You can read more about spear phishing at these links: