News & Insights

3 Ways Email Phishing Attacks Have Evolved

WhiteHawk Inc.

 3 Ways Email Phishing Attacks Have Evolved

Phishing is an attempt to obtain sensitive, and confidential information by tricking the email recipient into believing the source of the email is reputable and the action they want you to take (like clicking on a link) is logical.

As many of us already know, anyone can be a victim of a phishing attack, ranging from critical infrastructure, to the Democratic National Committee, to small and large businesses, and especially individuals. In 2017, 76% of organizations say they experienced phishing attacks (Womabt's 2019 State of the Phish). It is no surprise that email is the top cyberattack vector, and today's cybercriminals are persistently attacking individuals who have access or handle sensitive data within an organization. This rise in phishing attacks is a devastating trend that will continue to grow and evolve.

Once you have clicked on the seemingly safe link you are now in the hands of a hacker and your stolen information can be used to carry out fraudulent activities, such as blackmail, or selling the personal data on the dark web.

Phishing attacks are also used as a tool for conducting espionage by state actors against the U.S. Government or Industrial Base or to spy on an opponent's organization.

This article takes a look at the major ways phishing attacks have evolved, are conducted today, and provides effective solutions.

1) Casting a large net has been replaced with targeted attacks:

In the past, phishing campaigns were more simplistic. Hackers relied on a user's lack of knowledge and would cast a wide net to target as many people as possible. The attack proves to be worthwhile if out of the many people targeted at least a few would fall victim.

Today, advances in detecting suspicious emails, block the most obvious phishing campaigns and user training and awareness has complicated traditional attack methods. As a result, Hackers changed their behavior and now use more sophisticated phishing techniques and individually target businesses. Techniques not only include prior research into a potential victim(s), attacks use spoofing (in which a person or program successfully masquerade as another website by falsifying data, bypassing network access control, or redistribute traffic to conduct a denial-of-service attack to gain an advantage), cloud applications which make attacks harder to detect. In Australia, victims were tricked into handing over bank details through a spoofed government website.

2) They can evade signature-based security models:

Today, signature-based security models use algorithms to scan attachments and links to determine risk and verify the sender. They track 'known' threats. While this is beneficial, with the evolution of phishing attacks, they can evade detection. Hackers now often conduct testing to ensure their emails will bypass normal security settings.

Consider adding behavioral-based malware detection that can uncover new and unknown threats in near real-time. Symantec, Crowdstrike, and Bitdefender Endpoint Protection technologies provide solutions to protect a computer. Reduce the number of phishing emails by implementing a third-party spam filter rather than relying on anti-phishing controls. Email security vendors like TitanHQ, Barracuda, Wombat and offer efficient and cost-effective solutions to combat phishing attacks.

3) Hackers are using AI and machine learning to improve attacks****:

We appear to no longer be dealing with a scammer from Nigeria in need of help and asking for a money transfer. It seems that by collecting large amounts of data, a hacker will significantly improve their social engineering technique.

Machine learning algorithms do not need to be sophisticated; a simple service to service machine learning can be installed on an infected device in order to observe emails and tailor conversations of the intended target.

To defend against advanced AI and machine learning attacks, the user can send a challenge and response question. Understand that hackers can analyze a user's response and might respond in a conniving way (this becomes more of an issue as chatbots learn to improve communication). As such, asking the email sender about their message through other channels of communication may help determine its authenticity. Consider looking into email protection from Panda and protection from email-borne cyber threats by Barracuda.

Phishing attacks and hackers have adapted and evolved, and so too must we as users, ensure our employees are receiving training on current methods and remain aware and question - by being alert you can prevent cybercrime and fraud.