Attacks focus on people as well as their technology

Proofpoint has published its annual Human Factor report findings, which detail that cyberattackers are relying more than ever on exploiting people instead of software flaws to install malware, steal credentials/confidential information, and transfer funds.

The report, based on analysis of attack attempts across more than 5,000 worldwide enterprise customers throughout 2016, provides a deep dive into attack trends across email, mobile, and social media communication channels to help organizations and users stay safe.
 
“Accelerating a shift that began in 2015, cybercriminals are aggressively using attacks that depend on clicks by humans rather than vulnerable software exploits—tricking victims into carrying out the attack themselves,” said Kevin Epstein, vice president of Proofpoint’s Threat Operations Center. “It’s critical that organizations deploy advanced protection that stops attackers before they have a chance to reach potential victims. The earlier in the attack chain you can detect malicious content, the easier it is to block, contain, and resolve.”
 
Proofpoint’s Human Factor key findings include:
 
·         Business email compromise (BEC) attack message volume rose from 1% in 2015 to 42% by the end of 2016 relative to emails bearing banking Trojans. BEC attacks, which have cost organizations more than $5 billion worldwide, use malware-free messages to trick recipients into sending confidential information or funds to cybercriminals. BEC is the fastest growing category of email-based attacks.
 
·         Someone will always click—and fast. Nearly 90% of clicks on malicious URLs occur within the first 24 hours of delivery with 25% of those occurring in just ten minutes, and nearly 50% of clicks occur within an hour. The median time-to-click (the time between arrival and click) is shortest during business hours from 8 a.m. to 3 p.m. EDT in the U.S. and Canada, a pattern that generally holds for the U.K. and Europe as well.
 
·         More than 90% of malicious email messages that featured nefarious URLs led users to credential phishing pages. And a full 99% of email-based financial fraud attacks relied on human clicks rather than automated exploits to install malware. Phishing messages designed to steal Apple IDs were the most sent, but Google Drive phishing links were the most clicked.
 
·         Half of the clicks on malicious URLs occur on devices that are outside the purview of enterprise desktop management. Forty-two percent of clicks on malicious URLs were made from mobile devices, double the long-running rate of 20%. And 8% of clicks occur on potentially vulnerable versions of Windows for which security patches are no longer available.
 
·         Social media fraudulent support account phishing increased 150% in 2016. During these attacks cybercriminals create a lookalike social-media account posing as the customer-service account of a trusted brand. When someone tweets to a company looking for help, the attacker swoops in.
 
·         Watch your inbox closely on Thursdays. Malicious email attachment message volume spikes more than 38% on Thursdays over the average weekday volume. Ransomware attackers in particular favor sending malicious messages Tuesday through Thursday. On the other hand, Wednesday is the peak day for banking Trojans. Point-of-sale (POS) campaigns are sent almost exclusively on Thursday and Friday, while keyloggers and backdoors favor Mondays.
 
·         Attackers understand email habits and send most email messages in the 4-5 hours after the start of the business day, peaking around lunchtime. Users in the U.S., Canada, and Australia tend to do most of their clicking during this time period, while French clicking peaks around 1 p.m. Swiss and German users don’t wait for lunch to click; their clicks peak in the first hours of the working day. U.K. workers pace their clicking evenly over the course of the day, with a clear drop in activity after 2 p.m.