INTRO
THE RESEARCH
OVERVIEW
PHISHING VECTORS
SPEARPHISHING
EXTORTION
CREDENTIAL HARVESTING
MALWARE PHISHING
PHISHING INDICATORS
BRAND IMPERSONATION
OBFUSCATION
OBFUSCATION TYPES
CONCLUSION
avanan.com
INTRO
Phishing occurs when an attacker sends a communication - usually an email - to an individual
attempting to influence them to open an infected file or click on a malicious link to a page that
will request credentials or drop malware. Once the victim clicks, the criminal can upload malware
and engage in other insidious acts that will enable prolonged access to the system. (2018 Verizon
Data Breach Investigation Report)
As our research team consistently realized that this approach offered new insights into
how attacks make it to the inbox, we felt compelled to combine the data and make the
following report available.
THE RESEARCH
EMAILS ANALYZED
55.5 Million
INDUSTRIES
COMPANY SIZE
PLATFORMS
© 2019 Avanan. avanan.com
OVERVIEW
For most organizations, phishing is the number one email security threat,
outranking both malware and ransomware. We analyzed over 55 million emails to
provide a clear picture of the threat landscape.
One in every 99 emails is a phishing attack.
OFFICE 365 DEEP DIVE
In our analysis of over 52 million emails sent to Office 365, we scanned every
email after the default security, allowing us to see not only the phishing attacks
that were caught, but also those that were missed. This gave us deep data on
every phishing attack caught or missed, and how they were classified.
Marked as phishing by EOP: 20.7%
Whitelisted* by admin config: 5.3%
Marked as spam by EOP: 49%
Marked as clean by EOP: 25%
* These are phishing emails that are not blocked due to admin configurations set up by
the organization that inadvertently whitelist emails that would otherwise get blocked.
PHISHING VECTORS
What type of phishing attack is most common? We looked at 561,947 phishing
attacks and broke them down into four vectors, each illustrating a different
approach taken by the bad actor.
Spearphishing: 0.4%
Extortion: 8%
Credential Harvesting: 40.9%
Malware Phishing: 50.7%
Over half of all phishing attacks contain malware.
LEARN THE PHISHING VECTORS
SPEARPHISHING (0.4% of phishing attacks)
Although spearphishing is far less common than the other three vectors, it often has
the largest impact. Spearphishing attacks target high-level employees who have
access to either company finances or other sensitive information. Their goal is to
establish trust and urgency to convince the recipient to comply with the ask. These
phishing attacks can also be the most difficult to detect, given the lack of
attachments or links that can be flagged by anti-phishing tools. They rely on social
engineering, rather than technical bypass methods, to deceive targets into
surrendering a wealth of information.
COMMON TRAITS OF SPEARPHISHING EMAILS
EXTORTION (8% of phishing attacks)
The digital form of blackmail, extortion emails are almost always after money.
The sender of the phishing email will claim to have compromising information about
the recipient. But unlike spearphishing, these threatening emails are usually sent
en masse, meaning that the content of the message is usually vague. In order to
lend authority to their claim, the attacker typically lists the victim's current or past
password that was obtained from a data leak and sold on the dark web.
CREDENTIAL HARVESTING (40.9% of phishing attacks)
Credential harvesting attacks lure the victim into divulging personal information that
grants access to online accounts or personal finances. Credentials range from email
passwords to credit card numbers. Usually, credential harvesting emails impersonate
trusted brands like Amazon to trick the recipient into entering their username and
password in a spoofed login page. With these credentials, hackers take over the
victim's account or sell the information on the black market in bulk.
Trusted brand logo
Link in the email body or an attachment (.docx or PDF)
MALWARE PHISHING (50.7% of phishing attacks)
This vector uses a phishing email to install malware on the recipient's device. These
attacks often bypass traditional malware scans since the email itself is not
malicious; instead, the email contains a link that triggers a download of malicious
content (known as a trojan) or has a malicious attachment.
Has an attachment
PHISHING INDICATORS
The signs of a phishing attack can be subtle and inconsistent, making them hard to
detect. As you can see below, there are plenty of reasons why a legitimate email may
possess traits that are common in phishing emails. This is why it is vital you use an
anti-phishing solution, which can analyze these subtle traits with automated precision.
[Figure: share of legitimate vs. phishing emails for each trait. Panels: Contains a shortened link; Sent to undisclosed recipients; Contains a link to a WordPress site; Contains a cryptowallet address.]
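The four traits named in this section (shortened link, undisclosed recipients, WordPress link, cryptowallet address) can be pulled out of a raw message as features for scoring. The following is an added example, not Avanan's code; the shortener list, the address pattern, the WordPress path heuristic, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlparse
# Assumptions (not from the report): a small shortener list, legacy Bitcoin
# address shape only, and default WordPress paths as the "WordPress site" signal.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
WP_RE = re.compile(r"/wp-(?:content|includes|admin)/", re.I)

def body_text(msg):
    """Decode and join every text/* part so links inside HTML are seen too."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def extract_traits(raw_email):
    """Return the four traits as booleans: features for scoring, not a verdict."""
    msg = message_from_string(raw_email)
    text = body_text(msg)
    urls = URL_RE.findall(text)
    hosts = {(urlparse(u).hostname or "").lower() for u in urls}
    to_hdr = msg.get("To", "")
    named = [addr for _, addr in getaddresses([to_hdr]) if addr]
    return {
        "shortened_link": bool(hosts & SHORTENERS),
        "undisclosed_recipients": "undisclosed" in to_hdr.lower() or not named,
        "wordpress_link": any(WP_RE.search(u) for u in urls),
        "cryptowallet_address": bool(BTC_RE.search(text)),
    }

# Constructed sample messages (not taken from the report's data set).
SUSPECT = """From: billing@example.net
To: undisclosed-recipients:;
Subject: Payment required

Pay to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa or see http://bit.ly/abc123
Details: https://blog.example.org/wp-content/uploads/notice.html
"""
NEWSLETTER = """From: news@example.com
To: undisclosed-recipients:;
Subject: Monthly update

Read more at https://www.example.com/updates
"""
```

The constructed newsletter trips the undisclosed-recipients trait without being phishing, which is the report's point: each trait is a weak signal to be weighed with the others.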
PHISHING TREND OF THE YEAR
OBFUSCATION
Why obfuscation is effective
These methods are designed to not only fool the recipient but also systematically
bypass email security scans.
OBFUSCATION TYPES
At their core, obfuscation attacks rely on the email being rendered to the end-user
differently than how it appears to the machine-based security layer. The generalized
groups of obfuscation include:
Email Body
Hackers edit the HTML of the email body to confuse natural language
processing or hide URLs from detection technology.
Attachment
Hiding malicious links within an otherwise benign attachment to
take advantage of the disconnect between email link scanning
and attachment scanning technology.
CONCLUSION
Phishing attacks are becoming increasingly sophisticated and difficult for
humans and machines alike to detect. Employees are bombarded with
spearphishing, extortion, credential harvesting, and malware attacks. Yet Office
365 and Gmail cannot reliably block emails containing malicious language, links,
or attachments.
Avanan's analysis of 55.5 million emails in this report exemplifies how hackers
succeed at deceiving organizations of any industry and size. At the same time, it
attests to Avanan's rich insights into the phishing landscape, and how Avanan
can identify the evolving methods hackers use to evade detection.
As phishing attacks continue to wreak havoc across the globe, Avanan is uniquely
positioned to protect companies from the threats that Office 365 and Google
miss. Unlike other email security solutions, Avanan sits inside the email provider's
cloud, stopping threats after the email provider has scanned but before they
reach the inbox.
Avanan is the final line of defense for global companies looking to secure their
email from the unrelenting efforts of hackers.
ABOUT AVANAN
Avanan augments the security of cloud-based email, messaging, and file-sharing
across enterprise platforms including Office 365™, G-Suite™, and Slack™. It deploys
in minutes via API to block phishing, malware, data leakage, account takeover,
and shadow IT. The cloud-native platform is a core component of leading security
vendor solutions, and deploys best-of-breed technologies from trusted partners
including Check Point, Lastline, and FireEye.
© 2019 Avanan. All Rights Reserved. The Avanan name and logo and all other names, logos, and slogans identifying
Avanan's products and services are trademarks and service marks or registered trademarks and service marks of Avanan
Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service
marks are the property of their respective owners. 04/19
Avanan is a cloud-native security platform for communications and collaboration.