TRENDING won ’ t work reliably or won ’ t work at all on 71.4 % of attacks .
• Obfuscation techniques on the rise :
The proportion of phishing emails employing obfuscation techniques has jumped by 24.4 % in 2023 , sitting at 55.2 %. Egress Defend found that almost half ( 47 %) of phishing emails that use obfuscation contain two layers to increase the chances of bypassing email security defenses to ensure successful delivery to the target recipient . Less than one-third ( 31 %) use only one technique . HTML smuggling has proven the most popular obfuscation technique , accounting for 34 % of instances .
• Graymail dissected :
To understand how graymail impacts cybersecurity , Egress researchers analyzed 63.8 million emails that organizations received over four weeks . They found that , on average , one-third ( 34 %) of mail flow can be categorized as graymail ( bulk but solicited emails such as notifications , updates , and promotional messages ). Additionally , Wednesday and Friday are the most popular days of the week to send or receive graymail . The research found a direct correlation between the volume of graymail and the volume of phishing emails received ; people with busier inboxes are more likely to be targeted by phishing campaigns .
Real-time teachable moments really do improve people ’ s ability to accurately identify phishing emails .
rely heavily on quarantine barring end users from seeing phishing emails . But as our report highlights , phishing emails will inevitably get through . This is one of the reasons why we ’ ve flipped the quarantine model on its head , adding dynamic banners to neutralize threats within the inbox . These banners are designed to clearly explain the risk in a way that ’ s easy to understand , timely and relevant , acting as teachable moments that educate the user . Ultimately , teaching someone to catch a phish is a more sustainable approach for long-term resilience .” p
• Phishing currently has the upper hand as traditional perimeter detection is falling short :
More phishing emails are getting through traditional perimeter detection , so while overall volume hasn ’ t increased , the report shows attacks are increasing in sophistication and cybercriminals use a multitude of tactics to successfully get through perimeter email security . The percentage of emails that got through Microsoft defenses increased by 25 % from 2022 to 2023 . Likewise , the percentage of emails that got through secure email gateways ( SEGs ) increased by 29 % over the same period .
Additionally , the stats show an 11 % increase in phishing attacks sent from compromised accounts in 2023 . Almost half ( 47.7 %) of the phishing attacks that Microsoft ’ s detection missed were sent from compromised accounts . The most common type of payload is phishing links to websites ( 45 %), up from 35 % in 2022 . And all payloads bypassed signaturebased detection to some degree .
Chapman said : “ Real-time teachable moments really do improve people ’ s ability to accurately identify phishing emails . Legacy approaches to email security
www . intelligentcio . com INTELLIGENTCIO LATAM 23