According to our research, we see a continued increase in the usage of obfuscation techniques in phishing websites over the 10-month period between November 2019 until August 2020, representing an increase of more than 70% over that time frame, seen in Figure 1,.
Fig. 1: Number of phishing URLs using obfuscation techniques over time
The research focused on five obfuscation techniques that were explained in our previous blog. There was a significant increase in four of the monitored techniques between November 2019, and August 2020. The techniques that increased the most during the recorded period are content escaping obfuscation techniques (72%), Base64 encoding (800%), hex encoding variable name obfuscation (86%), and eval execution obfuscation (400%).
A notable increase can be seen starting in May of 2020. This can be explained as a byproduct of COVID-19 pandemic, as fear and uncertainty surrounding COVID-19 were abused and leveraged by threat actors in an effort to increase victim engagement during phishing campaigns.
Fig. 2: Percentage of phishing URLs using obfuscation techniques by targeted industry
Moreover, we believe that, as the human factor is still considered the weakest link in the chain, educating and creating awareness of such scams and evasion techniques should guide us as we move forward. In addition, we believe that security controls need to be able to detect and eliminate such evasive techniques.