Security Experts:

Connect with us

Hi, what are you looking for?



Cybercriminals View People as the Best Exploit: Report

Cybercriminals are increasingly focusing on tricking humans into becoming their unwitting accomplices in attempts to steal information and money, a new report from Proofpoint reveals.

Cybercriminals are increasingly focusing on tricking humans into becoming their unwitting accomplices in attempts to steal information and money, a new report from Proofpoint reveals.

While attacking the human element is by no means a new tactic, according to the recently released Proofpoint Human Factor 2016 report, social engineering has become the most used attack technique as attackers trick people into infecting their computers themselves and are less reliant on automated exploit technology. Proofpoint found that 99.7 percent of attachment documents and 98 percent of URLs in malicious email campaigns required human interaction to infect the target.

The report also reveals a trend among attackers who served phishing emails in the morning and social media spam at noon, riming their attacks to ensure optimal distraction. Tuesday mornings between 9-10 a.m. was the most popular time frame for phishing campaigns, while most social media spam hit in the afternoon.

As was the case in 2014, Tuesday remained the preferred day of the week for delivering malicious messages, though the difference compared to other days of the week was less pronounced. In fact, the report shows that attackers were most active from Monday to Wednesday and that click counts by day of the week followed a similar trend, with days toward the end of the work week showing decrease in clicks.

Malicious Microsoft Office macros, which first appeared in late 90s, started fading out when Office 2007 turned macros off by default. However, cybercriminals began using them again in late 2014 and early 2015, and increased the volume of spam emails containing attached documents with malicious macros by the end of last year, aggressively targeting organizations in the UK and Europe.

Proofpoint researchers also note that social media phishing scams became 10 times more common compared to social media malware. They also found that 40 percent of accounts on Facebook and 20 percent of accounts on Twitter claiming to represent a global 100 brand were unauthorized.

The report (PDF) also reveals that ransomware was highly popular in exploit kit campaigns in 2015, and that it continues to be the case in 2016 as well. Banking Trojans were the most popular threats used in malicious email campaigns, with Dridex message volume almost 10 times greater than the next most-used threat, Proofpoint researchers explain.

According to the report, people willingly downloaded more than two billion mobile applications designed to steal data, and the security company has found over 12,000 malicious mobile apps in authorized Android app stores. Many of these were built to steal user information, create backdoors on the compromised devices, and perform other nefarious functions.

Proofpoint researchers also explain that dangerous mobile applications from rogue marketplaces affect 2 in 5 enterprises. Additionally, 40 percent of large enterprises sampled by the security firm had malicious apps from rogue app stores on mobile devices, with these programs capable of stealing personal information, passwords or data.

The report suggests that 2015 was the year during which attackers considered people as making the best exploits and focused on building social engineering into their lures and their vectors to trick people into clicking and opening an attachment, downloading an app, or handing over their credentials. Moving forward, attackers are expected to continue using a threat framework that has proven to be flexible, adaptable, and resilient, and which consists of five elements: actor, vector, hosts, payload, and command-and-control channel.

“Attackers moved from technical exploits to human exploitation in 2015,” said Kevin Epstein, vice president of Threat Operations for Proofpoint. “People’s natural curiosity and gullibility is now targeted at an unprecedented scale. Attackers largely did not rely on sophisticated, expensive technical exploits. They ran simple, high-volume campaigns that hinged on social engineering. People were used as unwitting pawns to infect themselves with malware, hand over key credentials, and fraudulently wire money on the attackers’ behalf.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...