Cybercriminals continue to use socially-engineered attacks across email, cloud applications, and social media to exploit human instincts and lure people to click, according to Proofpoint’s study
The study is based on an 18-month analysis of data collected across Proofpoint’s global customer base.
More than 99% of threats analyzed for the research required human interaction, such as enabling a macro, opening a file, following a link or opening a document.
“Cybercriminals are aggressively targeting people because sending fraudulent emails, stealing credentials, and uploading malicious attachments to cloud applications is easier and far more profitable than creating an expensive, time-consuming exploit that has a high probability of failure,” said Kevin Epstein, vice president of Threat Operations for Proofpoint.
“More than 99% of cyberattacks rely on human interaction to work—making individual users the last line of defence. To significantly reduce risk, organizations need a holistic people-centric cybersecurity approach that includes effective security awareness training and layered defences that provide visibility into their most attacked users.”
Proofpoint’s report findings include:
- Microsoft lures remain a staple. Nearly 1 in 4 phishing emails sent in 2018 were associated with Microsoft products. 2019 saw a shift towards cloud storage, DocuSign, and Microsoft cloud service phishing in terms of effectiveness. The top phishing lures were focused on credential theft, creating feedback loops that potentially inform future attacks, lateral movement, internal phishing, and more.
- Threat actors are refining their tools and techniques in search of financial gain and information theft. While one-to-one attacks and one-to-many attacks were more common when impostor attacks first began to emerge, threat actors are finding success in attacks using more than five identities against more than five individuals in targeted organizations.
- The top malware families over the past 18 months have consistently included banking Trojans, information stealers, RATs, and other non-destructive strains designed to remain resident on infected devices and continuously steal data that can potentially provide future utility to threat actors.
- Attackers target people – and not necessarily traditional VIPs. They often target Very Attacked People (VAPs) located deep within the organization. These users are more likely to be targets of opportunity, or those with easily searched addresses and access to funds and sensitive data.
- The study found that the education sector is frequently targeted with attacks of the highest severity and has one of the highest average numbers of VAPs across industries. The financial services industry has a relatively high average Attack Index but fewer VAPs.
In the first half of 2019, the most highly targeted industries shifted to financial services, manufacturing, education, healthcare, and retail.
The most effective phishing lures in 2018 were dominated by “Brainfood,” a diet and brain enhancement affiliate scam that harvests credit cards. Brainfood lures had click rates over 1.6 clicks per message, over twice as many clicks as the next most clicked lure.