The technology can be used to make mass phishing campaigns more effective by enhancing personalization, reducing costs and increasing evasiveness
Up until recently, phishing tactics were broadly targeted at the masses (mass phishing), or focused on specific individuals or groups (spear phishing).
In late 2023, researchers from Kaspersky had observed a statistical anomaly indicating a blend of spear and mass phishing tactics. They had intercepted emails that were too aggressive for spear phishing, but too sophisticated for mass phishing.
In one instance, a phishing email addressed the recipient (a human resources professional) by name, and referenced the target’s employer; yet the linked phishing form was a generic fake Outlook sign-in, a typical sign of mass phishing.
In another campaign employed, a real corporate email address had appeared in the sender’s name without any modification of the actual domain. This technique is called “ghost spoofing”, and is usually reserved for targeted attacks. However, it has since been used in mass phishing to add an air of authenticity — eventually leading victims to a generic phishing page.
In the current quarter, between March and May 2024, Kaspersky has detected a significant increase in such hybrid phishing emails. This rise may indicate that attackers are leveraging advanced technologies to reduce the cost and effort of personalizing mass attacks. AI-powered tools can now create convincing email content, fix typos, and enhance design, making such mixed attacks more effective and harder to detect.
According to one of the firm’s security experts, Roman Dedenok, attackers have been increasingly adopting spear phishing methods and technologies in their bulk campaigns, culminating in a trend of mass-phishing campaigns using increasingly personalized emails and an expanded range of spoofing technologies and tactics. “Despite being mass email (phishing) campaigns, these attacks present a significant threat. To combat this evolving threat, it is crucial to implement safeguards that keep pace with technological advances and employ a combination of methods and services,” Dedenok commented.
In the meantime, as of 16 July 2024, Kaspersky has announced it will wind down operations in the USA after the latter country’s Commerce Department placed it on a trade-restriction blacklist. According to CNN, a Kaspersky Lab spokesperson had announced: “The company has carefully examined and evaluated the impact of the US legal requirements, and made this sad and difficult decision as business opportunities in the country are no longer viable.” More details to follow.
