Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Cyber attackers target humans not code: Proofpoint report

Cyber attackers target humans not code: Proofpoint report 

Kevin Epstein, vice-president of Proofpoint’s Threat Operations Centre this shift in strategy could be traced back to 2015.

The company’s annual Human Factor 2017 report is based on analysis of attack attempts last year on more than 5,000 Proofpoint customers around the world. The paper is useful for chief security officers and security managers because it provides insights into attack trends across numerous vectors and offers guidelines on how to prevent attacks and mitigate their impact.

“…cybercriminals are aggressively using attacks that depend on clicks by humans rather than vulnerable software exploits—tricking victims into carrying out the attack themselves,” said Epstein. “It’s critical that organizations deploy advanced protection that stops attackers before they have a chance to reach potential victims. The earlier in the attack chain you can detect malicious content, the easier it is to block, contain, and resolve.”

Click on the image below to view the full infographic

 Proofpoint infographic

Here are some of the key findings from the report:

  • More than 90 per cent of malicious email messages that featured nefarious URLs led users to credential phishing pages. And a full 99 per cent of email-based financial fraud attacks relied on human clicks rather than automated exploits to install malware. Phishing messages designed to steal Apple IDs were the most sent, but Google Drive phishing links were the most clicked.
  • Half of the clicks on malicious URLs occur on devices that are outside the purview of enterprise desktop management. Forty-two percent of clicks on malicious URLs were made from mobile devices, double the long-running rate of 20 per cent. And eight per cent of clicks occurs on potentially vulnerable versions of Windows for which security patches are no longer available.
  • Social media fraudulent support account phishing increased 150 per cent in 2016. During these attacks cybercriminals create a lookalike social media account posing as the customer service account of a trusted brand. When someone tweets to a company looking for help, the attacker swoops in.

When is your organization most likely to be hit by an attack?

Tell personnel to be especially wary of emails on Thursdays and Fridays.  Four to five hours after the start of work and during the lunch hour are the time’s cyber criminals are most likely to send malicious emails.

  • Watch your inbox closely on Thursdays. Malicious email attachment message volume spikes more than 38 per cent on Thursdays over the average weekday volume. Ransomware attackers in particular favor sending malicious messages Tuesday through Thursday. On the other hand, Wednesday is the peak day for banking Trojans. Point-of-sale (POS) campaigns are sent almost exclusively on Thursday and Friday, while keyloggers and backdoors favor Mondays.
  • Attackers understand email habits and send most email messages in the 4-5 hours after the start of the business day, peaking around lunchtime. Users in the U.S., Canada, and Australia tend to do most of their clicking during this time period, while French clicking peaks around 1 p.m. Swiss and German users don’t wait for lunch to click; their clicks peak in the first hours of the working day. U.K. workers pace their clicking evenly over the course of the day, with a clear drop in activity after 2 p.m.

Social media

By now many people are aware that the social media landscape can be fraught with cyber dangers.

Fraudulent social media customer service accounts became a major feature of the threat landscape in 2016, according to Proofpoint. Fake accounts, which impersonate popular brands and respond to customer requests, can appear legitimate, the company said.

“These so-called ‘angler phishing’ attacks grew 150 per cent in 2016. And over the course of the year, more brands and industries were phished,” according to the report.

Fraudulent mobile apps

In 2015 and early 2016, cyber criminals often cloned popular games, adding malicious code that the user doesn’t see.  By the end of 2016, they shifted their focus on customers of banks, employees in particular industries, event attendees, and more.

“Attackers use stolen branding, misleading app names, and other ruses to convince users to download hidden malware on their mobile devices,” the report said. “For example, we recently analyzed a sample Android app distributed in China that purports to be a point-of-sale (POS) control app for a major POS system manufacturer.”

During installation, the app requested extensive permissions that didn’t match what the app was supposed to do.

The app was actually a robust information stealer that runs persistently in the background.


Here are some security strategies from Proofpoint that could have organizations better protect their assets:

  • Deploy protection that works within the flow of email to stop attacks before they have a chance to reach your employees.
  • Detect threats in attachments and URLs with threat analysis services that use multiple approaches to examine behavior, code, and protocol.
  • Employ cloud-based sandbox analysis services that can scale to protect everyone in your organization. It should be able to identify attack campaigns and uncover new attack tools, tactics, and targets so the next attack is easier to catch.
  • Protect employees in the field by providing the same level of security controls to their mobile devices you provide for company-owned PCs in the office. Field workers are an increasing source of clicks on malicious links. And SMS messaging is emerging as a new attack vector.
  • Accelerate responses to threat incidents

The ideal security solution should be able to detect and block clicks on malicious URLs on smartphones and tablets, on and off the network, regardless of location.

Proofpoint suggests looking for a security tool that can scan and discover fraudulent accounts and applications that impersonate your company on social media and app stores.

“Consider a solution that enables you to retract malicious emails that have been delivered to users’ inboxes,” the report said. “The solution should move the malicious email out of users’ hands and have the business logic to find and remove any copies of those messages that were forwarded.”


Related posts