
Cybercriminals phish 'the human factor' for everything it's worth

23 Apr 18

Cyber attackers are increasingly preying on human vulnerabilities and less on technical system flaws to create mayhem – or at least that’s what one report from Proofpoint claims.

The annual Human Factor report says that email continues to be the top attack vector of choice, and that 32% of clicks in malicious emails occur within 10 minutes of delivery. By one hour, that rises to 52%.

“Threat actors continue to find new ways to exploit our natural curiosity, desire to be helpful, love of a good bargain, and even our time constraints to convince us to click,” comments Proofpoint vice president of threat operations Kevin Epstein.

Phishing emails related to Dropbox were the top lure for phishing attacks; however, DocuSign phishing click rates exceeded those for Dropbox.

80% of malicious emails distribute ransomware and banking Trojans. Banking Trojans in particular appeared in 30% of malicious emails across Japan, Australia, and Europe. Japan was also targeted by the highest regional level of downloader activity in emails.

Business email compromise and fraud attacks affected 80% of organisations.

The study says that there was an 1850% year-on-year increase in the number of email fraud messages using language related to legal advice or practices in their subject lines.

Education, management consulting, and entertainment/media industries experienced the greatest number of email fraud attacks, averaging more than 250 attacks per organisation.

Education was the most-targeted vertical with an average number of attacks per organisation almost four times the average across all industries (up 120% year-over-year).

Construction, manufacturing, and technology topped the most phished industries, while manufacturing, healthcare, and technology were the top targets of crimeware, which aims to steal identities for financial gain.

“Our research clearly shows that it’s imperative to stop threats before they reach users over email, cloud applications, and social networks. Reducing initial exposure minimizes the chances that an organisation will experience a confidential data breach, business disruption, or direct financial loss,” Epstein continues.

The report also looked at social media attacks and found that 55% of social media customer support attacks went after customers of financial services organisations.

Organisations also need to be aware of criminals’ ability to typosquat, where they register fake websites with domains similar to genuine websites. Victims of phishing attacks are more likely to mistake these fake domains for their legitimate counterparts.

The report says that 40% of advanced persistent threat (APT) activity went after government and defence industries, but no industry is exempt.
