42 percent of email phishing attacks are polymorphic, study finds

June 3, 2019
IRONSCALES analysis spotlights the frequency at which attackers can manipulate a message’s artifacts to bypass email security tools, protocols and signature detection

TEL AVIV & ATLANTA – JUNE 3, 2019 – IRONSCALES, the world’s first automated phishing prevention, detection and response platform, today announced that 42% of all email phishing attacks are polymorphic, according to new company research that analyzed the frequency of attack permutations. Over the past 12 months, IRONSCALES identified 11,733 email phishing attacks that underwent at least one permutation. In total, IRONSCALES recognized 52,825 permutations that impacted 209,807 inboxes across the world, reinforcing the ease and frequency at which attackers manipulate and repurpose a message’s artifacts to bypass email security tools, such as static protocols & signature-based detections. IRONSCALES’ polymorphic attack research findings include: 

  • 96 attacks underwent between 251 and 521 permutations
  • 293 attacks underwent between 101 and 250 permutations
  • 411 attacks underwent between 51 and 100 permutations
  • 2,809 attacks underwent between 11 and 50 permutations
  • 8,166 attacks underwent between 2 and 10 permutations

Understanding Polymorphism

Polymorphism occurs when an attacker implements slight but significant and often random changes to an email’s artifacts, such as its content, copy, subject line, sender name or template, in conjunction with or after an initial attack has deployed. This strategic approach enables attackers to quickly develop phishing attacks that trick signature-based email security tools that were not built to recognize such modifications to threats, ultimately allowing different versions of the same attack to land undetected in employee inboxes.

For SOC and security teams, defending against polymorphic email phishing attacks remains one of the most time-consuming and burdensome tasks, increasingly complicated by the availability of low-cost phishing kits proliferating on the Dark Web that attackers can use to automatically randomize artifact changes to evade detection. Currently, decentralized and distributed intelligence coupled with non-signature-based email security tools that utilize AI and machine learning to cluster similar attacks together have proven most successful at mitigating polymorphic email phishing threats.
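The contrast between an exact-match signature and similarity clustering can be shown on a few messages. The following is an added example, not IRONSCALES code or its method: it assumes word-bigram shingles, Jaccard similarity and a 0.4 threshold, and the sample messages are constructed.

```python
import hashlib
import re

# Constructed sample mail: three permutations of one lure plus one unrelated message.
MESSAGES = [
    ("Invoice 4471 overdue",
     "Your invoice is overdue. Please review the attached document and "
     "confirm payment today to avoid late fees."),
    ("Invoice 9920 overdue",
     "Your invoice is overdue. Please review the attached document and "
     "confirm payment now to avoid late fees."),
    ("Reminder: invoice 3305 overdue",
     "Hello, your invoice is overdue. Please review the attached document and "
     "confirm payment today to avoid extra fees."),
    ("Team lunch on Friday",
     "We are booking a table for Friday noon. Reply with your menu choice "
     "by Wednesday."),
]

def signature(msg):
    """Exact-match signature: any changed character yields a new hash."""
    return hashlib.sha256("\n".join(msg).encode()).hexdigest()

def shingles(msg, k=2):
    """Set of k-word shingles over the lowercased subject and body."""
    words = re.findall(r"[a-z0-9]+", " ".join(msg).lower())
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Overlap of two shingle sets, from 0.0 (disjoint) to 1.0 (identical)."""
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster(messages, threshold=0.4):
    """Single-link clustering: join messages whose shingle sets overlap enough."""
    sets = [shingles(m) for m in messages]
    parent = list(range(len(sets)))
    def find(i):
        while parent[i] != i:
            i = parent[i]
        return i
    for i in range(len(sets)):
        for j in range(i + 1, len(sets)):
            if jaccard(sets[i], sets[j]) >= threshold:
                parent[find(j)] = find(i)
    groups = {}
    for i in range(len(sets)):
        groups.setdefault(find(i), []).append(i)
    return sorted(groups.values())

if __name__ == "__main__":
    print(len({signature(m) for m in MESSAGES}), "distinct signatures")
    print("clusters:", cluster(MESSAGES))
```

Every permutation gets its own hash, so a blocklist entry for the first message never matches the second or third, while the similarity grouping places all three in one cluster and leaves the unrelated message alone.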

“Polymorphic email phishing threats represent an incredibly difficult challenge for SOC and IT security teams to overcome,” said Eyal Benishti, founder and CEO, IRONSCALES. “Just as security personnel think that they may have a phishing threat under control, attackers can augment the artifacts to give the message an entirely new signature, thereby enabling what is for all intents and purposes the same malicious message to bypass the same human and technical controls that might have stopped a previous version of the attack.”

Today’s news comes just weeks after IRONSCALES revealed the frequency at which the most basic email spoofing attacks were bypassing secure email gateways, DMARC and Office 365 Advanced Threat Protection. 

IRONSCALES’ multi-layered advanced phishing threat protection platform combines technical controls to block as many phishing attacks as possible and end-user controls to help users detect more sophisticated polymorphic attacks at the mailbox-level, while incorporating employees as part of the defense strategy to detect what is missed by technology. Its adaptive platform uniquely combines human intelligence with machine learning and AI to automatically prevent, detect and respond to polymorphic phishing threats and predict future attacks, so if one control fails, there are others to compensate while maintaining an adaptive security architecture.

Click here to learn how IRONSCALES’ advanced phishing threat protection platform stopped a polymorphic attack that was targeting a UK construction company. And for more information about how IRONSCALES automatically prevents, detects and responds to polymorphic phishing attacks using clustering technology, visit www.ironscales.com and follow @IRONSCALES.

About IRONSCALES

IRONSCALES is the leader in anti-email phishing technologies. Using a multi-layered and automated approach starting at the mailbox-level to prevent, detect and respond to today’s sophisticated email phishing attacks, IRONSCALES expedites the time from phishing attack discovery to enterprise-wide remediation, reducing the time from detection to response from hours or days to just seconds or minutes, by significantly reducing the workload on incident responders. Headquartered in Tel Aviv, Israel, IRONSCALES was founded by a team of security researchers, IT and penetration testing experts, as well as specialists in the field of effective interactive training, in response to the phishing epidemic that today costs companies millions of dollars annually. It was incubated at the 8200 EISP, the top program for cyber security ventures, founded by alumni of the Israel Defense Forces’ elite Intelligence Technology unit.