A gist on Polymorphic Phishing Cyber Attacks


Polymorphic Phishing Cyber Attack is a kind of email phishing attack where malevolent emails are sent to multiple users with slight changes being made to the email such as modifying sender name, sender address, subject greeting, email body or signature.

Ironscales, an Israel based Cybersecurity firm which was working on introducing an anti-phishing platform discovered in its developmental study that 42% of phishing emails were ‘polymorphic’ in nature. That means over 52,825 permutations were made to emails to reach over 209,807 inboxes across the world by hackers.

Automated response to cyber attacks offering company Ironscales says that emails of polymorphic nature started to circulate on the web from 2016. But initially, the hackers only changed the URLs leading to phishing or malware delivering pages. However, things have changed a bit now as attackers are seen using different techniques to detour most of the anti-malware & phishing tools.

For example, suppose you receive a virus infected email which says to click on the link and further asks you to download a PDF or app trapping you in the world of malware. Furthermore, the same email with a slight change in the subject line or content is also delivered to your co-employees to remain undetected.

Here security researchers say that darknet or dark web is also playing a vital role in propagating the phishing email attacks. Although law enforcement teams are trying hard to take down dark web portals, there are still numerous websites hosted on the dark-net which offer malicious services.

Finally, in the past two years, the world has witnessed technologies which mitigate cyber threats and those which help launch cyber attacks. So, the onus lies on who is using it and for what purpose.

As technology advancements have taken place in the world of hackers as well, new attacking strategies have emerged.

One such technology is phishing attack which was once treated not that effective. But it has now become a major threat. Nowadays targeted phishing attacks have become much sophisticated bypassing gateway security controls to land into employee mailboxes with perfection.

And the best way to mitigate such attacks is to improve your current Cybersecurity posture by installing robust IT infrastructure which can not only detect the attacks in time but can thwart them with greater potency.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display