Obfuscation tactics to bypass security system detection have been implemented in 55.2% of phishing emails from January to September 2023, representing a 24.4% increase over the same period last year, SiliconAngle reports.
Two or more obfuscation techniques have been leveraged by most phishing emails, with HTML smuggling, or malware distribution in dormant form being the most common approach, according to an Egress Software Technologies report. Such tactics have resulted in a 25% year-over-year increase in phishing campaigns that evaded Microsoft's security defenses, as well as a 29% improvement in bypassing secure email gateway systems.
More sophisticated phishing campaigns have also emerged with the help of artificial intelligence tools, the report showed.
"Without a doubt chatbots or large language models lower the barrier for entry to cybercrime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone," said Egress Vice President of Threat Intelligence Jack Chapman.
Thousands of organizations across the U.S. have been targeted by a new phishing campaign deploying the Bumblebee malware, which was last observed in the wild in September, according to BleepingComputer.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news