sb-au logo
Story image

Cybercriminals phish 'the human factor' for everything it's worth

23 Apr 2018

Cyber attackers are increasingly preying on human vulnerabilities and less on technical system flaws to create mayhem – or at least that’s what one report from Proofpoint claims.

The annual Human Factor report says that email continues to be the top attack vector of choice – and that 32% of clicks in malicious emails within 10 minutes of delivery. By one hour, that rises to 52%.

“Threat actors continue to find new ways to exploit our natural curiosity, desire to be helpful, love of a good bargain, and even our time constraints to convince us to click,” comments Proofpoint vice president of threat operations Kevin Epstein.

Phishing emails related to Dropbox were the top lure for phishing attacks, however Docusign phishing click rates exceeded those to Dropbox.

80% of malicious emails distribute ransomware and banking Trojans. Banking Trojans in particular appeared in 30% of malicious emails across Japan, Australia, and Europe. Japan was also targeted by the highest regional level of downloader activity in emails.

Business email compromise and fraud attacks affected 80% of organisations.

The study says that there was a 1850% year-on-year increase in the number of email fraud emails using language related to legal advice or practices in their subject lines.

Education, management consulting, and entertainment/media industries experienced the greatest number of email fraud attacks, averaging more than 250 attacks per organisation.

Education was the most-targeted vertical with an average number of attacks per organisation almost four times the average across all industries (up 120% year-over-year).

Construction, manufacturing, and technology topped the most phished industries, while manufacturing, healthcare, and technology were the top targets of crimeware, which aims to steal identities for financial gain.

“Our research clearly shows that it’s imperative to stop threats before they reach users over email, cloud applications, and social networks. Reducing initial exposure minimizes the chances that an organisation will experience a confidential data breach, business disruption, or direct financial loss,” Epstein continues.

The report also looked at social media attacks and found that 55% of social media customer support attacks went after customers of financial services organisations.

Organisations also need to be aware of criminals’ ability to typosquat, where they register fake websites with domains similar to genuine websites. Victims of phishing attacks are more likely to mistake these fake domains for their legitimate counterparts.

The report says that 40% of advanced persistent threat (APT) activity went after government and defence industries, but no industry is exempt.

Story image
Cryptomining trojan malware discovered by ESET researchers
The malware, primarily targeting victims in Czechia and Slovakia, prioritises subterfuge through deployment of multiple techniques to avoid detection, and leans heavily on the Tor network and BitTorrent protocol to achieve its goals.More
Link image
When it comes to data, resilience is king
Data is the most important asset for a business. But if it's not stored securely, or if it's not instantly available, its value can plummet. Learn more here.More
Story image
Global attack volume down, but fraud and cyber threats still going strong
“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry."More
Story image
Research: 61% of companies have suffered an insider attack in last 12 months
It comes as rapid migration to cloud and remote working and BYOD scenarios leave organisations increasingly vulnerable to insider attacks as a result of the upheaval caused by the COVID-19 pandemic.More
Link image
Why metrics should always be front of mind for CTOs
Metrics can help businesses collaborate effectively with other senior stakeholders and act on large volumes of business and system performance data.More
Story image
Kaspersky releases new report on consumer’s approach to digital services
COVID-19 related restrictions and the necessity to stay indoors has influenced the way people approach digital services, making them more aware of how securely both they, and their housemates, use the internet.More