Cybersecurity and compliance company Proofpoint has today released its Q4 2018 Threat Report, highlighting the threats and trends across Proofpoint’s global customer base and in the wider threat landscape.
One of the most notable trends centres on the rapid increase of email fraud attacks, also known as business email compromise.
Overall, Proofpoint researchers observed that the number of email fraud attacks against targeted companies increased 226% between Q3 2018 and Q4 2018, and 476% when comparing Q4 2017 and Q4 2018.
Proofpoint Asia-Pacific and Japan vice president Tim Bentley says, “Email fraud has seen explosive growth and it’s clear that today’s cybercriminals are relentlessly targeting people, rather than infrastructure.”
“As these threats continue to grow in volume and sophistication, it is imperative that organisations implement a people-centric security approach that includes a comprehensive email fraud defence and security awareness training.
“Ultimately, organisations must consider the individual risk each user represents, and understand how they are targeted, in order to better protect them.”
Every day, Proofpoint analyses more than five billion email messages, hundreds of millions of social media posts, and more than 250 million malware samples
Additional Q4 2018 Proofpoint threat findings
Banking Trojans remained the top email-borne threat in Q4 2018, making up 56% of all malicious payloads.
Of those, 76% were classified as Emotet.
Remote access Trojans accounted for 8.4% of all malicious payloads in Q4 and 5.2% for the year, marking a significant change from previous years in which they were rarely used by crimeware actors.
Social media channels remain key vectors for fraud and theft.
While the platforms themselves continue to develop automated protections, social media fraud remains a key challenge for consumers and the brands in which they interact, with fraudulent social media support account phishing, or ‘angler phishing’, increasing by 442% year-on-year. Interestingly, phishing links on social channels continue to drop as platforms address this issue algorithmically.
Steps to improve cybersecurity efforts
Organisations can further protect themselves in the coming months by taking the following steps: