New phishing techniques by criminals are proliferating. Barracuda Networks has identified that cybercriminals are using stealthier kits, invisible codes and malware hidden in images, among other tactics that lead to more sophisticated phishing attacks.

The findings come from the company's latest "Email Threat Radar" report, which shows a significant evolution in the tactics used by cybercriminals.

Over the last month, the company’s analysts have detected new evasion methods present in established phishing kits – such as Tycoon 2FA – and emerging tools such as the Cephas kit, in addition to a sophisticated attack that uses steganography to hide malware within seemingly harmless images.

Evolution of phishing kits

Tycoon 2FA is a prominent and successful phishing kit that remains a serious threat to businesses despite being in circulation since August 2023. Tycoon’s primary goal is to steal login details for Microsoft 365 and, more recently, Google Workspace accounts. It tricks employees into giving it their passwords and two-factor authentication codes.

What makes Tycoon dangerous is how frequently it changes. Each new version includes small but clever updates that help it avoid detection by traditional security tools.

Analysts have also observed the evolution of the Cephas phishing kit, first detected in August 2024. This kit stands out for inserting invisible characters into its source code, an unusual obfuscation technique that complicates the work of anti-phishing scanners and signature-based rules.
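The effect of invisible characters on signature-based rules, and the normalization step that counters it, can be shown with a short added example (not code from Barracuda or from the kit). The report does not say which code points Cephas inserts, so the set of "invisible" characters, the signature list and the sample markup below are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumption: the report does not list the code points the kit inserts.
# Unicode "format" characters (category Cf: zero-width space/joiners, BOM,
# soft hyphen, bidi controls) plus a few blank-rendering fillers are treated
# as invisible here.
EXTRA_INVISIBLE = {"\u3164", "\u115f", "\u1160", "\uffa0"}

# Hypothetical signature list standing in for a scanner's keyword rules.
SIGNATURES = [re.compile(p, re.I) for p in (r"document\.write", r"atob\(", r"password")]


def is_invisible(ch: str) -> bool:
    return ch in EXTRA_INVISIBLE or unicodedata.category(ch) == "Cf"


def strip_invisible(text: str) -> str:
    """Normalize source by dropping characters that render as nothing."""
    return "".join(ch for ch in text if not is_invisible(ch))


def scan(source: str, max_ratio: float = 0.01) -> dict:
    """Match signatures before and after normalization and report the gap."""
    invisible = sum(1 for ch in source if is_invisible(ch))
    ratio = invisible / len(source) if source else 0.0
    raw_hits = {s.pattern for s in SIGNATURES if s.search(source)}
    clean_hits = {s.pattern for s in SIGNATURES if s.search(strip_invisible(source))}
    evaded = clean_hits - raw_hits  # rules that only fire once padding is removed
    return {
        "invisible_count": invisible,
        "invisible_ratio": round(ratio, 4),
        "raw_hits": sorted(raw_hits),
        "normalized_hits": sorted(clean_hits),
        "evaded": sorted(evaded),
        "suspicious": ratio > max_ratio or bool(evaded),
    }


# Constructed samples (not taken from any real kit or message).
ZW = "\u200b"
OBFUSCATED = f"<script>doc{ZW}ument.wr{ZW}ite(at{ZW}ob('...'))</script><input name='pass\u200dword'>"
BENIGN = "<p>Quarterly report attached. Reset your password in the portal.</p>"

if __name__ == "__main__":
    for name, sample in (("obfuscated", OBFUSCATED), ("benign", BENIGN)):
        print(name, scan(sample))
```

Zero-width joiners also occur legitimately in emoji sequences and some scripts, so the ratio threshold should be tuned on real mail before it is used to block anything.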

To mitigate risk, Barracuda recommends applying multi-factor authentication to all users and opting for phishing-resistant methods, such as physical security keys, rather than SMS or app-generated codes.

Adding to these threats is a recent campaign in which attackers use steganography to hide malware inside PNG images. The attack begins with phishing emails that simulate legitimate commercial messages, with links to files hosted on trusted platforms.

The downloaded file, actually a heavily disguised malicious JavaScript, executes a command that launches PowerShell to download a PNG image from a seemingly benign site. Hidden within that image is real malware, invisible to most security solutions.

The malware runs in memory, avoids leaving traces on disk, and uses obfuscated names and structures to remain undetected. Barracuda advises being alert to unusually large or duplicate files and anomalous traffic to unknown domains and, above all, strengthening protection with solutions that combine heuristic, visual and behavioral analysis.

BarracudaONE platform powered by AI

To address this range of new threats, Barracuda Email Protection offers a comprehensive set of capabilities designed to protect organizations from increasingly advanced tactics. These include phishing and malware defenses, phishing protection, incident response, domain fraud shields, and employee training tools.

Additionally, BarracudaONE provides complete visibility into cybersecurity deployments through a centralized, AI-powered dashboard. This way, companies can manage their organization’s security with confidence, leveraging advanced threat protection, real-time analysis, and proactive response capabilities. Robust reporting tools deliver clear, actionable insights, helping you monitor risks, measure ROI, and demonstrate operational impact.

84% of organizations have been compromised as a result of experiencing a direct attack on their network over the past 12 months. With the company’s solutions, and their combination of artificial intelligence and integration with Microsoft 365, Barracuda Networks makes it possible to detect and block hyper-targeted attacks that can be devastating for the different business units of companies.

BarracudaONE’s most recent enhancements consist of several updates to the Advanced Threat Protection system, which many of the company’s solutions already use routinely to support their core functions:

  • More effective detection of malicious HTM(L) artifacts and attachments
  • SVG file support
  • Faster scanning of links and documents