In the data-driven business world, everyone in an organisation, from employees to the CEO, uses email on a day-to-day basis. Email use has reached such a level that it has become a top cyberattack vector, and cybercriminals persistently target high-value individuals, those who have privileged access or handle sensitive data within an organisation, through phishing emails.
Today, people might say that phishing is old school and no longer effective. But they are unaware that attackers are also leveraging advanced technologies and sophisticated methods to compromise their targets. One of those methods is the polymorphic phishing attack.
The Rise Of Polymorphic Phishing
According to a source, IRONSCALES, an Israel-based cybersecurity firm, was researching an automated anti-phishing platform. To its surprise, the firm discovered that 42% of the phishing attempts it examined were “polymorphic” in nature. It identified 11,733 email phishing attacks that underwent at least one permutation over 12 months, and with 52,825 permutations these attacks successfully made their way into 209,807 inboxes around the world.
Polymorphic email phishing is a phishing email sent to multiple users in which the attacker makes slight but significant, and often random, changes to the email’s artefacts. At least one of the following is changed, either randomly or manually/intentionally depending on the attack: sender name, sender address, subject, greeting, email body or signature.
This approach has been seen in the wild since at least 2016. At the very beginning, the attack was all about generating “polymorphic URLs”: thousands of different URLs that would lead to phishing or malware delivery pages. Those days are gone; today the attack has become extremely sophisticated, enabling attackers to quickly develop phishing campaigns that trick users and bypass most anti-phishing tools.
Example Of Polymorphic Phishing
Suppose you receive an email with an attachment that appears to be a PDF file. If you fail to identify the email as phishing and open the file, it displays an update message claiming that the tool is not updated. When you click the update link, you are redirected to a cloned web page that asks you to enter your credentials.
Furthermore, the email spreads like a virus across the company. The catch is that every employee receives the email with a slight yet significant change, so employees cannot tell whether it is the same email.
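To show why the permutations in the definition above and in this example defeat exact-match filtering, here is an added defender-side illustration (my own example, not code from the article or from IRONSCALES): it strips the artefacts an attacker permutes and clusters the remaining lure text by similarity. The sample messages, the greeting/closing word lists and the 0.6 threshold are constructed assumptions.

```python
import hashlib
import re

# Constructed samples (hypothetical, not from the article): three permutations of one
# lure with different sender, subject, greeting and signature, plus one benign email.
LURE = "Your mailbox tool is not updated. Open the attached report and click Update."
SAMPLE_EMAILS = [
    {"from": "helpdesk@example.com", "subject": "Action required", "body": f"Hi Alice,\n{LURE}\nRegards,\nIT Helpdesk"},
    {"from": "support@example.net", "subject": "Mailbox update needed", "body": f"Dear Bob,\n{LURE}\nThanks,\nSupport Team"},
    {"from": "admin@example.org", "subject": "Please update", "body": f"Hello Carol,\n{LURE}\nBest,\nAdmin"},
    {"from": "dave@example.com", "subject": "Lunch?", "body": "Hi Alice,\nAre you free for lunch on Friday at noon?\nCheers,\nDave"},
]
GREETING = re.compile(r"^(hi|hello|dear)\b", re.I)   # assumed greeting words
CLOSING = re.compile(r"^(regards|thanks|best|cheers)\b", re.I)  # assumed closing words

def exact_signature(msg):
    """Hash of the raw artefacts, as a naive blocklist would use: a single permuted
    character gives a new signature, so every variant looks like a new email."""
    return hashlib.sha256((msg["from"] + msg["subject"] + msg["body"]).encode()).hexdigest()

def normalise(body):
    """Drop the artefacts an attacker permutes (greeting, closing, signature) and
    reduce what remains, the lure itself, to lowercase word tokens."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    if lines and GREETING.match(lines[0]):
        lines = lines[1:]
    for i, ln in enumerate(lines):
        if CLOSING.match(ln):  # the closing and everything after it is the signature
            lines = lines[:i]
            break
    return re.findall(r"[a-z0-9]+", " ".join(lines).lower())

def similarity(a, b, n=3):
    """Jaccard similarity of word n-gram shingles over the normalised bodies."""
    def shingles(tokens):
        return {" ".join(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}
    sa, sb = shingles(normalise(a["body"])), shingles(normalise(b["body"]))
    return len(sa & sb) / len(sa | sb) if (sa or sb) else 1.0

def cluster(msgs, threshold=0.6):
    """Greedy grouping: a message joins the first cluster whose seed is similar
    enough, otherwise it starts a new cluster; one cluster is one campaign."""
    clusters = []
    for idx, msg in enumerate(msgs):
        for members in clusters:
            if similarity(msgs[members[0]], msg) >= threshold:
                members.append(idx)
                break
        else:
            clusters.append([idx])
    return clusters
```

On the samples, `exact_signature` yields four unrelated signatures while `cluster` groups the three permutations as one campaign and leaves the benign email alone.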
The Role Of Dark Web
Behind this sophisticated phishing email attack, the darknet plays a major role. A huge number of tools available on the dark web help hackers carry out polymorphic phishing attacks on big companies.
According to a source, over a five-month period Dr Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, and his team analysed over 70,000 darknet websites to find out what types of tools and services are on offer.
What they found is quite surprising, given how large the target companies are: around 40% of dark web offerings are targeted hacking services specifically designed to exploit Fortune 500 and FTSE 100 companies.
Even though there have been successful takedowns of dark web websites in the past, numerous sites hosted on the dark web still offer some of the most notorious services, and phishing tools are one of the services gaining significant traction.
Over the past couple of years, the world has witnessed both technologies to mitigate cyber threats and technologies to power them. Advances in technology do not serve only the defenders; wrongdoers are also making the best use of technology to advance their attack strategies.
Phishing is a great example: a type of attack once dismissed as ineffective and easily detectable has today become a major threat. Targeted phishing attacks are increasingly bypassing gateway security controls and landing in employees’ mailboxes in organisations around the globe. The best way to cope is a strong and reliable security infrastructure, together with sessions that train employees on different cyber-attacks.