• Home
  • Beauty
  • Designers
  • Fashion
  • Lifestyle
  • Makeup
  • Models
  • News
  • Shopping
No Result
View All Result
Fashionbuddy.org
  • Home
  • Beauty
  • Designers
  • Fashion
  • Lifestyle
  • Makeup
  • Models
  • News
  • Shopping
No Result
View All Result
Fashionbuddy.org
No Result
View All Result

Email Defenses Under Siege: Phishing Attacks Dramatically Improve

October 8, 2022

This week’s report that cyberattackers are laser-focused on crafting attacks specialized to bypass Microsoft’s default security showcases an alarming evolution in phishing tactics, security experts said this week.

Threat actors are getting better at slipping phishing attacks through the weak spots in platform email defenses, using a variety of techniques, such as zero-point font obfuscation, hiding behind cloud-messaging services, and delaying payload activation, for instance. They’re also doing more targeting and research on victims.

As a result, nearly 1 in 5 phishing emails (18.8%) bypassed Microsoft’s platform defenses and landed in workers’ inboxes in 2022, a rate that increased 74% compared to 2020, according to research published on Oct. 6 by cybersecurity firm Check Point Software. Attackers increasingly used techniques to pass security checks, such as Sender Policy Framework (SPF), and obfuscate functional components of an e-mail, such as using zero-size fonts or hiding malicious URLs from analysis.

The increasing capabilities of attackers is due to the better understanding of current defenses, says Gil Friedrich, vice president of email security at Avanan, an email security firm acquired by Check Point in August 2021.

“It is a family of 10 to 20 techniques, but they all lead to the objective of deceiving a company’s security layers,” he says. “The end result is always an email that looks genuine to the recipient but looks different to the algorithm that analyzes the content.”

Microsoft declined to comment on the research. However, the company has warned of advanced techniques, such as adversary-in-the-middle phishing (AiTM), which uses a custom URL to place a proxy server between a victim and their desired site, allowing the attacker to capture sensitive data, such as usernames and passwords. In July, the company warned that more than 10,000 organizations had been targeted during one AiTM campaign.

Check Point is not the only vendor to warn that phishing attacks are getting better. In a survey, email security firm Proofpoint found that 83% of organizations experienced a successful email-based phishing attack, nearly half again as many as suffered such an attack in 2020. Cybersecurity firm Trend Micro saw the number of phishing attacks more than double, growing 137% in the first half of 2022 compared to the same period in 2021, according to the firm’s 2022 Mid-year Cybersecurity report.

Meanwhile, cybercriminals services, such as phishing-as-a-service and malware-as-a-service, are encapsulating the most successful techniques into easy-to-use offerings. In a survey of penetration testers and red teams, nearly half (49%) considered phishing and social engineering to be the attack techniques with the best return on investment.

Research & Recon Inform Phishing

Attackers are improving too because of the effort that cyberattackers make in collecting intel for targeting victims with social engineering. For one, they’re utilizing the vast amounts of information that can be harvested online, says Jon Clay, vice president of threat intelligence for cybersecurity firm Trend Micro.

“The actors investigate their victims using open source intelligence to obtain lots of information about their victim [and] craft very realistic phishing emails to get them to click a URL, open an attachment, or simply do what the email tells them to do, like in the case of business e-mail compromise (BEC) attacks,” he says.

The data suggests that attackers are also getting better at analyzing defensive technologies and determining their limitations. To get around systems that detect malicious URLs, for example, cybercriminals are increasingly using dynamic websites that may appear legitimate when an email is sent at 2 a.m., for example, but will present a different site at 8 a.m., when the worker opens the message.

Improvements in Defense

Such techniques not only deceive, but take advantage of asymmetries in defending versus attacking. Scanning every URL sent in an email is not a scalable defense, says Check Point’s Friedrich. Running URLs in a full sandbox, analyzing the links to a specific depth, and using image processing to determine sites that are trying to mimic a brand requires a lot of computational power.

Instead, email security firms are deploying “click-time” analysis to tackle the problem.

“There are some algorithms or tests that you can’t run on every URL, because the compute is huge, it eventually become price prohibited,” he says. “Doing that at click time, we only need to do the tests on the URLs that users actually click on, which is a fraction, so 1% of the total links in e-mail.”

In addition, defenses increasing rely on machine learning and artificial intelligence to classify malicious URLs and files in ways that rules-based systems cannot, says Trend Micro’s Clay.

“Dealing with weaponized attachments can be difficult for those security controls that still rely on signatures only and don’t have advanced technologies that can scan the file using ML or a sandbox, both of which could detect many of these malware files,” he says.

In addition, previous statements from Microsoft have noted that Office 365 includes many of the email protection capabilities discussed by other vendors, including protection from impersonation, visibility into attack campaigns, and using advanced heuristics and machine learning to recognize phishing attacks affecting an entire organization or industry.

For more updates check below links and stay updated with News AKMI.
Life and style || E Entertainment || Automotive News || Consumer Reviewer || Most Popular Video Games || Lifetime Fitness || Giant Bike

Source

The post Email Defenses Under Siege: Phishing Attacks Dramatically Improve appeared first on News AKMI.

Share120Tweet75Share30
admin

admin

Related Posts

Aishwarya Rai Bachchan’s Frugal Spending Habits and How They Have Contributed to Her Net Worth
All

Aishwarya Rai Bachchan’s Frugal Spending Habits and How They Have Contributed to Her Net Worth

May 8, 2023

Aishwarya Rai Bachchan, the renowned Indian actress biooverview  and former Miss World, is well-known for her frugal spending habits. These habits have been an important factor contributing to her net worth, which is currently estimated to be around $35...

How Do You Play Online Slot?
All

How Do You Play Online Slot?

May 10, 2023

Online slots are a fun and easy way to win real money. They’re also available round-the-clock so you can play them whenever you like. Slots use a Random Number Generator (RNG) to create random sequences of numbers every millisecond....

A definitive Manual for online slot Opening Games: How to Play and Win Huge
All

A definitive Manual for online slot Opening Games: How to Play and Win Huge

April 28, 2023

Presentation: Online space games are one of the most famous types of web based betting. They offer a tomfoolery and energizing method for winning huge payouts and are not difficult to play. With so many web-based space gacor accessible,...

Simplify Your Gaming Experience: Play Baccarat And Place Bets On Your Mobile Phone Today
All

Simplify Your Gaming Experience: Play Baccarat And Place Bets On Your Mobile Phone Today

March 20, 2023

Playing baccarat at casinos has been a popular pastime for gamblers for decades, if not millennia. The proliferation of online casinos has made it simpler to enjoy this exciting pastime without leaving the house. With the rise of mobile...

Please login to join discussion
Pedestrian Accidents and Personal Injury Cases
News

Pedestrian Accidents and Personal Injury Cases

by Olha Lammer
June 6, 2023
0

One must first learn about pedestrian accidents in order to fully grasp the fundamentals of personal injury claims resulting from...

Read more
5 Best Sneakers That will Make Your Life Easier

5 Best Sneakers That will Make Your Life Easier

May 31, 2023
YTBsaver: Empowering Twitter Users with Video Conversion

YTBsaver: Empowering Twitter Users with Video Conversion

May 24, 2023
HOW TO CHOOSE THE BEST STRAIGHT EXTENSIONS FOR KINKY HAIR

HOW TO CHOOSE THE BEST STRAIGHT EXTENSIONS FOR KINKY HAIR

May 19, 2023
The Rise of Unconventional Feminine Brand Designers

The Rise of Unconventional Feminine Brand Designers

May 19, 2023

Categories

  • All (40)
  • App (1)
  • Beauty (11)
  • Business (9)
  • CBD (7)
  • Designers (5)
  • Fashion (22)
  • Food (1)
  • Health (4)
  • Lifestyle (24)
  • Makeup (5)
  • Models (5)
  • News (33)
  • Pet (1)
  • Shopping (5)
  • Sports (1)
  • Tech (4)
  • Tips and guide (7)
  • Travel (1)
  • Home
  • Privacy Policy
  • Contact us

© Copyright 2022, All Rights Reserved.

No Result
View All Result
  • Home
  • Beauty
  • Designers
  • Fashion
  • Lifestyle
  • Makeup
  • Models
  • News
  • Shopping