As cyber threats evolve, hackers are developing more sophisticated methods to infiltrate secure systems. Recent data reveals that attackers are leveraging natural language processing (NLP) to deceive email security tools. This trend poses a significant challenge to organizations relying on AI-driven phishing defenses.
Earlier reports showed that phishing attacks predominantly utilized straightforward malicious content easily detectable by NLP systems. However, the latest findings indicate a shift towards more complex obfuscation techniques, making it harder for traditional filters to identify threats.
How Hackers Manipulate Natural Language Processors
Attackers incorporate benign text, random links, and whitespace into phishing emails to distort NLP analyses. By doing so, they increase the number of “safe” elements, tricking the security systems into classifying the email as non-threatening.
“It is the attackers’ hope that by stacking enough benign elements at the bottom of an email, an NLP tool will generate a general conclusion that the email is safer than it is malicious and deliver it to the recipient’s inbox.”
Egress’ data shows that emails with sufficient benign components are more likely to bypass filters.
Common Evasion Techniques Identified
The study by Egress highlighted that links to reputable sites like Bank of America and Uber are frequently used to mask malicious content. Additionally, attackers insert random characters and uncommon links that are not flagged by existing email block lists, further aiding in evasion.
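For defenders, the padding described above suggests two checks: score the message per segment so that trailing filler cannot average a suspicious passage away, and record the structural signs of stacking (long whitespace runs, benign text and links after the suspicious part). The sketch below is an added example, not code from Egress or any vendor; the phrase weights, the threshold, the function names and both sample messages are constructed assumptions.

```python
import re

# Constructed phrase weights for a toy keyword scorer (an assumption, not any vendor's model).
SUSPICIOUS = {"verify your account": 3.0, "password": 2.0, "suspended": 2.0, "urgent": 1.5}
THRESHOLD = 0.3  # constructed cut-off on weighted hits per word

def segment_score(text):
    """Weighted suspicious-phrase hits divided by word count."""
    lowered = text.lower()
    words = re.findall(r"\w+", lowered)
    if not words:
        return 0.0
    return sum(w * lowered.count(p) for p, w in SUSPICIOUS.items()) / len(words)

def split_segments(body):
    """Split on blank-line runs, the gaps where padding is attached."""
    return [s.strip() for s in re.split(r"\n\s*\n", body) if s.strip()]

def whole_message_score(body):
    """Naive verdict input: one score over everything, which padding dilutes."""
    return segment_score(body)

def max_segment_score(body):
    """Hardened verdict input: the worst segment decides, so padding cannot lower it."""
    return max((segment_score(s) for s in split_segments(body)), default=0.0)

def padding_indicators(body):
    """Structural signals of stacked filler after the highest-scoring segment."""
    segs = split_segments(body)
    scores = [segment_score(s) for s in segs]
    peak = scores.index(max(scores)) if scores else 0
    return {
        "longest_newline_run": max((len(r) for r in re.findall(r"\n{3,}", body)), default=0),
        "benign_segments_after_peak": sum(1 for s in scores[peak + 1:] if s == 0.0),
        "links_after_peak": sum(len(re.findall(r"https?://", s)) for s in segs[peak + 1:]),
    }

# Constructed sample messages (placeholder domains).
CORE = ("Urgent: your account is suspended. Verify your account password now at "
        "http://login.example.invalid/reset")
PADDED = CORE + "\n" * 30 + (
    "Thanks for riding with us. See your trip history at https://rides.example.com/history\n\n"
    "Your monthly statement is ready at https://bank.example.com/statements\n\n"
    "We hope you have a great week. Our team is here to help.")

if __name__ == "__main__":
    for name, body in (("core", CORE), ("padded", PADDED)):
        print(name, round(whole_message_score(body), 3), round(max_segment_score(body), 3),
              padding_indicators(body))
```

With these constructed inputs the whole-message score of the padded email falls below the threshold while its per-segment maximum stays equal to that of the unpadded message.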
Impact on Email Security Measures
With attackers exploiting the limitations of NLP-based defenses, email security tools may inadvertently release phishing emails before thorough scanning is complete.
“The simplest thing you do is just look at certain phrases that are going to show up in attacks and not show up in safe stuff,” said Dan Shiebler, head of machine learning at Abnormal Security. Egress noted that some security systems prioritize speed over accuracy, allowing these deceptive emails to reach recipients’ inboxes undetected.
The increasing complexity of phishing attacks necessitates advancements in email security technologies. Organizations must consider integrating more robust machine learning models that can better handle sophisticated obfuscation methods. Continuous monitoring and updating of security protocols are essential to stay ahead of evolving cyber threats.