"Email Defenses Under Siege: Phishing Attacks Dramatically Improve"

According to security experts, the fact that attackers are increasingly focused on crafting attacks specialized to bypass Microsoft's default security highlights an alarming evolution in phishing tactics. Threat actors are becoming more skilled at sneaking phishing attacks past platform email defenses by employing various techniques such as zero-point font obfuscation, hiding behind cloud-messaging services, and delaying payload activation. They are also conducting more victim targeting and research. As a result, nearly one in every five phishing emails slipped past Microsoft's platform defenses and into employees' inboxes in 2022, a rate that increased 74 percent from 2020, according to research published by the cybersecurity firm Check Point Software. Attackers increasingly used techniques such as zero-size fonts and hiding malicious URLs from analysis to bypass security checks such as Sender Policy Framework (SPF). Check Point is not the only vendor to warn that phishing attacks are becoming more sophisticated. In a survey, Proofpoint discovered that 83 percent of organizations had a successful email-based phishing attack, nearly half the number that had such an attack in 2020. According to Trend Micro's 2022 Mid-year Cybersecurity report, the number of phishing attacks more than doubled, increasing 137 percent in the first half of 2022 compared to the same period in 2021. Meanwhile, cybercriminals' services, such as Phishing-as-a-Service (PaaS) and Malware-as-a-Service (MaaS), encapsulate the most effective techniques into simple-to-use packages. In a survey of penetration testers and red teams, nearly half thought phishing and social engineering had the best return on investment. This article continues to discuss the growing sophistication of phishing attacks.

Dark Reading reports "Email Defenses Under Siege: Phishing Attacks Dramatically Improve"