IRONSCALES – Why humans must use machines to curb email phishing attacks

Phishing has evolved from a mere nuisance into a global epidemic, negatively affecting the operations of organizations of all sizes and across all industries at high frequency according to a new report by IRONSCALES.

In 2016 alone, the SANS Institute revealed that 95% of all cyberattacks began with spearphishing; the Ponemon Institute reported 86% of all phishing attacks contain ransomware, while the Anti Phishing World Group (APWG) discovered a 65% increase in phishing attacks compared to the previous year, totaling 1,220,523 attacks wordwide.

“Of all attack vectors, email remains the most commonly exploited for a variety of reasons. Malicious emails
continue to easily bypass legacy SPAM Filters, firewalls, and gateway security scans that still inexcusably rely on
signatures and email content scanning when analyzing messages,” states the report titled Trend report – How modern email Phishing attacks have Organisations on the Hook.

IRONSCALES notes that due to human nature, it takes only a few unaware or preoccupied users to download or click on a malicious email link or attachment to inadvertantely provide attackers with access to sensitive corporate
networks and data.

Thirdly, a report from FireEye cites the average time from breach to detection being 146 days globally, and
a colossal 469 days for the EMEA region, which means early detection and alerts are as important as ever.

In the midst of phishing attacks becoming exponentially more sophisticated and targeted, the majority of email security providers continue to offer signature-based and behavioral signature solutions that scan links and attachments; determine domain reputation and verify sender-receiver relationship, among other futile safeguards.

“Knowing that the use of signature and rules-based solutions continue as the status quo, attackers often find their hacking tools and techniques relatively unchallenged by defenses that are limited to following rules that hackers can easily subvert through spearphishing and social engineering. Although there is almost universal agreement by malware researchers to ditch YARA Rules and regular expressions, many email security solutions are lagging in doing so. In the meantime, many mid-sized and large organizations are investing millions in security awareness and training to help employees identify and report phishing emails in realtime,” states the report.

“But what most of the cybersecurity industry and many organizations don’t yet fully realize, is that to truly
minimize the risk of email phishing attacks, machines and humans must continuously work together.”

During the study, IRONSCALES states that it analyzed data from more than 100 of its customers and 500,000 mailboxes across four continents from 2016 to 2017 in order to better understand trends in email phishing, attacker patterns, phishing tools & techniques, and hacker preferences. In total, more than 8,500 verified attacks that bypassed spam filters were evaluated.

According to the report, attackers target specific individuals who they deem most susceptible to social engineering attacks. The attackers are also finding it increasingly beneficial to target attacks on fewer mailboxes because:
1. they prefer to stay below the rader (the less people targeted, the fewer conversations, as a result of less alarm bells raised).
2. more sophisticated targeting allows for tailored messages to certain projects and jobs.
3. Hyper-personalized targeting has proven effective at tricking people susceptable to emails written with a
personal touch.