Proofpoint, a cybersecurity and compliance company, has released “The 2022 Social Engineering Report,” which examines key trends and techniques of socially engineered cyber threats observed in the previous year.
Social engineering is a tool in nearly every threat actor’s toolbox that uses email as an initial access vector. Proofpoint has observed countless tactics, techniques, and procedures relying on humans’ fundamental propensity to open and respond to emails, from financially motivated cybercrime to business email compromise (BEC) fraud to advanced persistent threat (APT) actors.
According to the report, threat actors may build trust with intended victims through extended conversations; they expand their use of effective tactics such as using trusted companies’ services; they use orthogonal technologies, such as the telephone, in their attack chain; they are aware of and use existing conversation threads between colleagues; and they regularly leverage topical, timely, and socially relevant themes.
Sherrod DeGrippo, Vice President, Threat Research and Detection, Proofpoint, said: “Despite defenders’ best efforts, cybercriminals continue to defraud, extort, and ransom companies for billions of dollars annually. The struggle with threat actors evolves constantly, as they change tactics to earn clicks from end users. Security-focused decision makers have prioritized bolstering defenses around physical and cloud-based infrastructure which has led to human beings becoming the most relied upon entry point for compromise. As a result, a wide array of content and techniques continue to be developed to exploit human behaviors and interests. In this new report, Proofpoint researchers analyze frequently used social engineering techniques and look to debunk faulty assumptions made by organizations and security teams, which should be taken into account to better protect their employees against cybercrime.”
The 2022 Social Engineering report examines which services, such as Google Drive or Discord, are frequently abused; how Proofpoint sees millions of messages directing people to make phone calls as part of the attack chain; and why techniques such as thread hijacking can be so effective.
Organizations must instill in their users the notion that malicious activity is common, if not inevitable. Threat actors should find it increasingly difficult to exploit the human element as this becomes more widely accepted and reporting/clearing pipelines for threats become more well-established within workflows.