sb-as logo
Story image

Proofpoint unveils the biggest cyber threat hotspots from Q4 2016

10 Feb 2017

Proofpoint has released its Quarterly Threat Summary looking back at 2016, and it’s a case of more sophisticated evolution, more email malware, more social engineering, more BEC scams and more of a market for cyber exploit kits.

Q4 saw the biggest malicious email campaign yet, which was 6.7 times bigger than those seen in Q3.  Both campaigns used zipped JavaScript attachments to distribute the notorious Locky, which Proofpoint says explains the increase in Locky campaign volumes.

Business Email Compromise (BEC) scams were also on the rise, but CEO-CFO spoofing dropped 28%, down from its 39% high in Q3.

Social media phishing attacks have jumped by 500% in 2016 alone. Angler phishing was a popular method, which intercepts customer support channels on social media.

Fraudulent accounts on social channels also jumped by 100% between Q3 and Q4 alone, which Proofpoint says may be indicative of use in phishing, social spam and malware distribution and other attacks.

Mobile devices were not shielded from malware, as hundreds of thousands were exposed to malvertising, ad redirection and potential attack vectors through DNSChanger EK, which used SOHO router exploits that exposed all connected devices via DNS redirection.

More than 4500 mobile apps that tied themselves to the Summer Olympics and associated sponsor brands were also malicious. Proofpoint says that popular events and culture are common targets for risky apps.

Proofpoint’s top tips for organisations:

  • Assume users will click on links: Social engineering is popular, effective and rapidly evolving. Use a solution that identifies and quarantines inbound threats that target employees and outbound email threats that target customers.
  • Protect your brand reputation and customers: Look out for attacks – especially from fraudulent piggyback accounts - that target your customers over social media, email and mobile. Use a social media solution that can scan and report fraudulent activity.
  • Keep your mobile app environments secure: Mobile environments increase the risk of unauthorised apps that can steal critical information. Use a data-driven solution that works with mobile device management to show app behaviour and the data they are accessing.
  • Partner with a threat intelligence vendor: As attacks are getting more targeted, partnering with a vendor gives organisations a solution that combines static and dynamic techniques to protect and learn from threats.
Story image
Entrust acquires HyTrust, with aim to improve data encryption solutions
Entrust says the acquisition will bolster its effort to deliver data protection and compliance solutions to its customers, while accelerating their digital transformations.More
Story image
New year, time to update your passwords
The most popular passwords of 2020 were easy-to-guess number combinations, such as 123456, the word password, qwerty, iloveyou, and other uncomplicated options.More
Story image
Hornetsecurity acquires Altaro, the latest in acquisition spree
The move is a culmination of a medley of acquisitions made by Hornetsecurity recently, following the January 2019 acquisition of Spamina, a Spanish cloud email security company, as well as EveryCloud, its British market partner, in early 2020.More
Story image
Cybercriminals leverage AI to sustain attacks on enterprises
What is less discussed is how cybercriminals are taking advantage of those very same technologies to automate their attacks, too.More
Story image
Palo Alto Networks advances attack surface management with Expanse
"By integrating Expanse's attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organisation's attack surface with an inside view to proactively address all security threats."More
Story image
How the editorial team works at Techday: Our tips for you
Preparing your releases in a particular way will not only make our lives easier, but improve the chances of your lead being picked among the masses.More