Cybercriminals View People as the Best Exploit: Report

Cybercriminals are increasingly focusing on tricking humans into becoming their unwitting accomplices in attempts to steal information and money, a new report from Proofpoint reveals.

While attacking the human element is by no means a new tactic, according to the recently released Proofpoint Human Factor 2016 report, social engineering has become the most used attack technique as attackers trick people into infecting their computers themselves and are less reliant on automated exploit technology. Proofpoint found that 99.7 percent of attachment documents and 98 percent of URLs in malicious email campaigns required human interaction to infect the target.

The report also reveals a trend among attackers who served phishing emails in the morning and social media spam at noon, timing their attacks to ensure optimal distraction. Tuesday mornings between 9-10 a.m. were the most popular time frame for phishing campaigns, while most social media spam hit in the afternoon.

As was the case in 2014, Tuesday remained the preferred day of the week for delivering malicious messages, though the difference compared to other days of the week was less pronounced. In fact, the report shows that attackers were most active from Monday to Wednesday and that click counts by day of the week followed a similar trend, with days toward the end of the work week showing a decrease in clicks.

Malicious Microsoft Office macros, which first appeared in the late 90s, started fading out when Office 2007 turned macros off by default. However, cybercriminals began using them again in late 2014 and early 2015, and increased the volume of spam emails containing attached documents with malicious macros by the end of last year, aggressively targeting organizations in the UK and Europe.

Proofpoint researchers also note that social media phishing scams became 10 times more common compared to social media malware. They also found that 40 percent of accounts on Facebook and 20 percent of accounts on Twitter claiming to represent a global 100 brand were unauthorized.

The report (PDF) also reveals that ransomware was highly popular in exploit kit campaigns in 2015, and that it continues to be the case in 2016 as well. Banking Trojans were the most popular threats used in malicious email campaigns, with Dridex message volume almost 10 times greater than the next most-used threat, Proofpoint researchers explain.

According to the report, people willingly downloaded more than two billion mobile applications designed to steal data, and the security company has found over 12,000 malicious mobile apps in authorized Android app stores. Many of these were built to steal user information, create backdoors on the compromised devices, and perform other nefarious functions.

Proofpoint researchers also explain that dangerous mobile applications from rogue marketplaces affect 2 in 5 enterprises. Additionally, 40 percent of large enterprises sampled by the security firm had malicious apps from rogue app stores on mobile devices, with these programs capable of stealing personal information, passwords or data.

The report suggests that 2015 was the year during which attackers considered people as making the best exploits and focused on building social engineering into their lures and their vectors to trick people into clicking and opening an attachment, downloading an app, or handing over their credentials. Moving forward, attackers are expected to continue using a threat framework that has proven to be flexible, adaptable, and resilient, and which consists of five elements: actor, vector, hosts, payload, and command-and-control channel.

“Attackers moved from technical exploits to human exploitation in 2015,” said Kevin Epstein, vice president of Threat Operations for Proofpoint. “People’s natural curiosity and gullibility is now targeted at an unprecedented scale. Attackers largely did not rely on sophisticated, expensive technical exploits. They ran simple, high-volume campaigns that hinged on social engineering. People were used as unwitting pawns to infect themselves with malware, hand over key credentials, and fraudulently wire money on the attackers’ behalf.”
