The growing sophistication of tools and techniques for protecting people against phishing scams is forcing attackers to adapt and evolve their methods.
A Microsoft analysis of data collected from users of its products and services between January 2018 and the end of December showed phishing was the top attack vector for yet another year. The proportion of inbound emails containing phishing messages surged 250% between the beginning and end of 2018. Phishing emails were used to distribute a wide variety of malware, including zero-day payloads.
However, the growing use of anti-phishing controls and advances in enterprise detection, investigation, and response capabilities is forcing attackers to change their strategies as well. Microsoft said.
For one thing, phishing attacks are becoming increasingly polymorphic. Rather than using a single URL, IP address, or domain to send phishing emails, attackers last year began using varied infrastructure to launch attacks, making them harder to filter out and stop.
Read more: Dark Reading