IRONSCALES, the automated phishing prevention, detection and response platform, has announced that 42% of all email phishing attacks are polymorphic, according to new company research that analyzed the frequency of attack permutations. Over the past 12 months, IRONSCALES identified 11,733 email phishing attacks that underwent at least one permutation.
In total, IRONSCALES recognized 52,825 permutations that impacted 209,807 inboxes across the world, reinforcing the ease and frequency with which attackers manipulate and repurpose a message’s artifacts to bypass email security tools, such as static protocols and signature-based detections.
IRONSCALES’ polymorphic attack research findings include:
- 96 attacks underwent between 251 and 521 permutations
- 293 attacks underwent between 101 and 250 permutations
- 411 attacks underwent between 51 and 100 permutations
- 2,809 attacks underwent between 11 and 50 permutations
- 8,166 attacks underwent between 2 and 10 permutations
Polymorphism occurs when an attacker implements slight but significant and often random changes to an email’s artifacts, such as its content, copy, subject line, sender name or template, in conjunction with or after the deployment of an initial attack. This strategic approach enables attackers to quickly develop phishing attacks that trick signature-based email security tools that were not built to recognize such modifications to threats, ultimately allowing different versions of the same attack to land undetected in employee inboxes.
For SOC and security teams, defending against polymorphic email phishing attacks remains one of the most time-consuming and burdensome tasks, increasingly complicated by the availability of low-cost phishing kits proliferating on the Dark Web that attackers can use to automatically randomize artifact changes to evade detection. Currently, decentralized and distributed intelligence coupled with non-signature-based email security tools that utilize AI and machine learning to cluster similar attacks together have proven most successful at mitigating polymorphic email phishing threats.
“Polymorphic email phishing threats represent an incredibly difficult challenge for SOC and IT security teams to overcome,” said Eyal Benishti, founder and CEO, IRONSCALES. “Just as security personnel think that they may have a phishing threat under control, attackers can augment the artifacts to give the message an entirely new signature, thereby enabling what is for all intents and purposes the same malicious message to bypass the same human and technical controls that might have stopped a previous version of the attack.”
The research comes just weeks after IRONSCALES revealed the frequency with which the most basic email spoofing attacks were bypassing secure email gateways, DMARC and Office 365 Advanced Threat Protection.
IRONSCALES’ multi-layered advanced phishing threat protection platform combines technical controls to block as many phishing attacks as possible and end-user controls to help users detect more sophisticated polymorphic attacks at the mailbox level, while incorporating employees as part of the defense strategy to detect what is missed by technology. Its adaptive platform uniquely combines human intelligence with machine learning and AI to automatically prevent, detect and respond to polymorphic phishing threats and predict future attacks, so if one control fails, there are others to compensate while maintaining an adaptive security architecture.