Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Cybercriminals View People as the Best Exploit: Report

Cybercriminals are increasingly focusing on tricking humans into becoming their unwitting accomplices in attempts to steal information and money, a new report from Proofpoint reveals.

Cybercriminals are increasingly focusing on tricking humans into becoming their unwitting accomplices in attempts to steal information and money, a new report from Proofpoint reveals.

While attacking the human element is by no means a new tactic, according to the recently released Proofpoint Human Factor 2016 report, social engineering has become the most used attack technique as attackers trick people into infecting their computers themselves and are less reliant on automated exploit technology. Proofpoint found that 99.7 percent of attachment documents and 98 percent of URLs in malicious email campaigns required human interaction to infect the target.

The report also reveals a trend among attackers who served phishing emails in the morning and social media spam at noon, riming their attacks to ensure optimal distraction. Tuesday mornings between 9-10 a.m. was the most popular time frame for phishing campaigns, while most social media spam hit in the afternoon.

As was the case in 2014, Tuesday remained the preferred day of the week for delivering malicious messages, though the difference compared to other days of the week was less pronounced. In fact, the report shows that attackers were most active from Monday to Wednesday and that click counts by day of the week followed a similar trend, with days toward the end of the work week showing decrease in clicks.

Malicious Microsoft Office macros, which first appeared in late 90s, started fading out when Office 2007 turned macros off by default. However, cybercriminals began using them again in late 2014 and early 2015, and increased the volume of spam emails containing attached documents with malicious macros by the end of last year, aggressively targeting organizations in the UK and Europe.

Proofpoint researchers also note that social media phishing scams became 10 times more common compared to social media malware. They also found that 40 percent of accounts on Facebook and 20 percent of accounts on Twitter claiming to represent a global 100 brand were unauthorized.

The report (PDF) also reveals that ransomware was highly popular in exploit kit campaigns in 2015, and that it continues to be the case in 2016 as well. Banking Trojans were the most popular threats used in malicious email campaigns, with Dridex message volume almost 10 times greater than the next most-used threat, Proofpoint researchers explain.

According to the report, people willingly downloaded more than two billion mobile applications designed to steal data, and the security company has found over 12,000 malicious mobile apps in authorized Android app stores. Many of these were built to steal user information, create backdoors on the compromised devices, and perform other nefarious functions.

Advertisement. Scroll to continue reading.

Proofpoint researchers also explain that dangerous mobile applications from rogue marketplaces affect 2 in 5 enterprises. Additionally, 40 percent of large enterprises sampled by the security firm had malicious apps from rogue app stores on mobile devices, with these programs capable of stealing personal information, passwords or data.

The report suggests that 2015 was the year during which attackers considered people as making the best exploits and focused on building social engineering into their lures and their vectors to trick people into clicking and opening an attachment, downloading an app, or handing over their credentials. Moving forward, attackers are expected to continue using a threat framework that has proven to be flexible, adaptable, and resilient, and which consists of five elements: actor, vector, hosts, payload, and command-and-control channel.

“Attackers moved from technical exploits to human exploitation in 2015,” said Kevin Epstein, vice president of Threat Operations for Proofpoint. “People’s natural curiosity and gullibility is now targeted at an unprecedented scale. Attackers largely did not rely on sophisticated, expensive technical exploits. They ran simple, high-volume campaigns that hinged on social engineering. People were used as unwitting pawns to infect themselves with malware, hand over key credentials, and fraudulently wire money on the attackers’ behalf.”

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Matthew Cowell has assumed the role of VP of Strategic Alliances at Nozomi Networks. He previously served in the same role at Dragos.

Bret Arsenault is retiring from his full-time role after 35 years at Microsoft.

Social engineering defense platform Doppel has appointed Bobby Ford as Chief Strategy and Experience Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.