Story image

Cybercriminals phish 'the human factor' for everything it's worth

23 Apr 18

Cyber attackers are increasingly preying on human vulnerabilities and less on technical system flaws to create mayhem – or at least that’s what one report from Proofpoint claims.

The annual Human Factor report says that email continues to be the top attack vector of choice – and that 32% of clicks in malicious emails within 10 minutes of delivery. By one hour, that rises to 52%.

“Threat actors continue to find new ways to exploit our natural curiosity, desire to be helpful, love of a good bargain, and even our time constraints to convince us to click,” comments Proofpoint vice president of threat operations Kevin Epstein.

Phishing emails related to Dropbox were the top lure for phishing attacks, however Docusign phishing click rates exceeded those to Dropbox.

80% of malicious emails distribute ransomware and banking Trojans. Banking Trojans in particular appeared in 30% of malicious emails across Japan, Australia, and Europe. Japan was also targeted by the highest regional level of downloader activity in emails.

Business email compromise and fraud attacks affected 80% of organisations.

The study says that there was a 1850% year-on-year increase in the number of email fraud emails using language related to legal advice or practices in their subject lines.

Education, management consulting, and entertainment/media industries experienced the greatest number of email fraud attacks, averaging more than 250 attacks per organisation.

Education was the most-targeted vertical with an average number of attacks per organisation almost four times the average across all industries (up 120% year-over-year).

Construction, manufacturing, and technology topped the most phished industries, while manufacturing, healthcare, and technology were the top targets of crimeware, which aims to steal identities for financial gain.

“Our research clearly shows that it’s imperative to stop threats before they reach users over email, cloud applications, and social networks. Reducing initial exposure minimizes the chances that an organisation will experience a confidential data breach, business disruption, or direct financial loss,” Epstein continues.

The report also looked at social media attacks and found that 55% of social media customer support attacks went after customers of financial services organisations.

Organisations also need to be aware of criminals’ ability to typosquat, where they register fake websites with domains similar to genuine websites. Victims of phishing attacks are more likely to mistake these fake domains for their legitimate counterparts.

The report says that 40% of advanced persistent threat (APT) activity went after government and defence industries, but no industry is exempt.

A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.