The following shows the attack types and increases from the report:
- Content escaping obfuscation techniques, 72%
- Base64 encoding, 800%
- HEX encoding variable name obfuscation, 86%
- Eval execution obfuscation, 400%
This page has been generated by the malicious code embedded in the email. This means that the malicious code is far more difficult to detect until the asset has been rendered.
Methods used for obfuscation
As most people already know, content escaping is a big factor in these attacks as a means of obfuscation. Obfuscation in programming and coding means that all of the code in an application is reworked to make it difficult, or impossible, to understand. Variables are named to be more confusing, comments are removed, data structures are changed and functions are introduced that confuse and change data.
This method is useful only to a point, however, because the content of the malicious payload is normally revealed only when the page is rendered.
This makes it very difficult to determine the intent of the script, because the script handles the data and loops it through functions that eventually generate the page data that the victim will see. The result is that much of the data cannot be analyzed without first rendering the page and then debugging it.
Developers usually use obfuscation in the source code of an application if parts of that code are exposed to the general public.
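The four techniques in the list above leave recognizable traces in script source even before the page is rendered. The following added example (not code from the report) counts those traces in a script extracted from an email; the names `PATTERNS`, `scanScript`, `SAMPLE` and `CLEAN`, the regular expressions and the thresholds are all assumptions made for illustration. A hit indicates that obfuscation is present, not what the rendered page will do.

```javascript
// Added example: static indicators for the four obfuscation techniques listed above.
// Patterns and thresholds are assumptions chosen for illustration, not from the report.
const PATTERNS = {
  // unescape()/decodeURI*() calls, or runs of 3+ %XX, \xNN or \uNNNN escapes
  escaping: /\b(?:unescape|decodeURI(?:Component)?)\s*\(|(?:%[0-9a-f]{2}){3,}|(?:\\x[0-9a-f]{2}){3,}|(?:\\u[0-9a-f]{4}){3,}/gi,
  // atob() calls, or quoted literals shaped like Base64 (12+ chars, optional padding)
  base64: /\batob\s*\(|["'][A-Za-z0-9+\/]{12,}={0,2}["']/g,
  // identifiers in the _0x1a2b style (hex-encoded variable names)
  hexNames: /\b_0x[0-9a-f]{2,}\b/gi,
  // string-to-code execution: eval(), Function(), timers given a string argument
  evalExec: /\b(?:eval|Function)\s*\(|\bset(?:Timeout|Interval)\s*\(\s*["']/g,
};

function scanScript(source) {
  const hits = {};
  for (const [name, re] of Object.entries(PATTERNS)) {
    let found = source.match(re) || [];
    if (name === "base64") {
      // Keep atob( calls; keep quoted literals only when length is a multiple of 4.
      found = found.filter((m) => !/^["']/.test(m) || (m.length - 2) % 4 === 0);
    }
    if (name === "hexNames") found = [...new Set(found)]; // count distinct names
    hits[name] = found.length;
  }
  // Number of distinct techniques with at least one hit (0 to 4).
  hits.techniques = Object.values(hits).filter((n) => n > 0).length;
  return hits;
}

// Constructed, harmless sample that combines all four techniques.
const SAMPLE = `
var _0x3fa1 = "aGVsbG8gd29ybGQ=";
var _0x1b2c = unescape("%3C%70%3E%68%69%3C%2F%70%3E");
eval("document.title = atob(_0x3fa1)");
document.write(_0x1b2c);
`;
// Constructed plain script for comparison.
const CLEAN = 'function greet(name) { document.title = "Hello " + name; }';

console.log("sample:", scanScript(SAMPLE));
console.log("clean: ", scanScript(CLEAN));
```
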
Impact on email security
The current wave of email-based attacks is proving more popular thanks to the relative success that the creators of these campaigns are seeing. Criminals around the world are starting to use this new method of scamming unsuspecting users, so it is important to increase user education relating to cybersecurity and phishing.
Basic observations about link structures, the language used in the email and anything else that raises suspicion need to remain the focus of email users. The global pandemic has also driven many phishing campaigns that take advantage of people and fool them into sharing information.
If you receive an email that you are not sure about, then it is usually safer to disregard it and contact the company or person directly and ask them if they are indeed trying to contact you. Always follow your organization’s best practices when dealing with phishing.