Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Egress

Emerging Accelerated Mobile Page (AMP) obfuscation technique used in over 7% of global phishing attacks, exploiting TikTok, Google, and Instagram

Egress’ Threat Intelligence Team has identified that over 7% of global phishing attacks now use an emerging obfuscation technique that employs Accelerated Mobile Page (AMP) links to mask malicious URLs. Often embedded in phishing emails that impersonate well-known brands, threat actors aim to undermine the 'hover' technique taught in most security awareness training programs.

Creating noise: The emerging obfuscation technique designed to evade email security NLP detection capabilities

Our Threat Intelligence team has observed an emerging obfuscation technique, specifically used to make Natural Language Processing (NLP) detection capabilities less effective. Broadly, malicious actors are adding additional characters, break lines, and legitimate links to the end of a phishing email in an attempt to disguise their malicious payloads amongst the noise and evade NLP detection.

24 takeaways from the Human Risk Summit 2024

The Human Risk Summit has concluded for another year, showcasing an exciting new theme focused on the personalization of security. This year’s discussions highlighted the importance of tailoring security measures to individual needs, with a strong focus on AI, social engineering tactics, and actionable steps organizations can take to strengthen their security strategy.

Old habits, new threats: Why more phishing attacks are bypassing outdated perimeter detection

Perimeter solutions such as Secure Email Gateways (SEGs) have long been a cornerstone of email security, historically serving as the primary line of defense against malicious emails entering an organization. Utilizing legacy technology such as signature and reputation-based detection, SEGs have provided pre-delivery intervention by quarantining malicious attacks before they reach the end recipient. Why, then, are 91% of cybersecurity leaders frustrated with their SEGs, and 87% considering a replacement?

Exploiting EUROs excitement: Phishing attacks surge using major brands as bait

Following the kick-off of the UEFA EUROs 2024 in Germany, Egress’ Threat Intelligence team has observed a massive spike in Euros-related phishing attacks, recording 7,000 unique campaigns with over 24,000 individual attacks since June 17th, 2024. These attacks are more sophisticated than you might expect, with many attackers choosing to impersonate businesses associated with the tournament rather than impersonating UEFA directly.

Small screens, high stakes: The risks of navigating email on mobile devices

Mobile phones have revolutionized the way we work, granting unprecedented freedom and flexibility to access emails and communicate from virtually anywhere. However, this convenience comes with its own set of risks, particularly when it comes to email security. With the rise in remote work and the increasing reliance on mobile devices, employees are now responding to work emails at all hours, often on personal devices.

The evolution of QR code phishing: Unmasking new 'quishing' tactics

Research has revealed that since 2021 there has been a material increase in QR code phishing (or ‘quishing’), as cybercriminals continue to exploit available technology and their widespread familiarity. The once rare payload is nearly fourteen times more common in 2024 than it was three years ago, accounting for only 0.8% of attacks in 2021. This figure jumped to 1.4% in 2022, a staggering 12.4% in 2023, and has plateaued at 10.8% from January to March 2024.

Beyond the basics: Leveling up security awareness training for modern threats

Security awareness training (SAT) holds a crucial role in protecting businesses from modern threats. A well-designed SAT program not only educates employees but also helps foster a genuine security-conscious culture within the organization. In this blog, we explore how organizations can level up their basic SAT initiatives and highlight the oversight of compliance-driven training in fostering a genuine security-conscious culture.

Key takeaways from the 2024 Phishing Threat Trends Report

Our latest Phishing Threat Trends Report gives a comprehensive oversight into the types of phishing attacks and tactics organizations are facing so far in 2024, from the rise of ‘quishing’ and AI-powered phishing campaigns to the multi-channel approach. In this blog, we look at the key findings from the report, the industries and demographics most at risk, and the evolution of payloads from 2021 to date.