Vulnerability, Attacks, And Privilege: Proofpoint unveils annual Human factor report

Proofpoint unveiled its annual Human Factor report, which examines the three primary elements of user risk—vulnerability, attacks, and privilege—as well as how the exceptional events of 2020 shifted the threat environment. Human Factor 2021 is based on a year’s worth of study, and it covers risks identified, mitigated, and resolved across one of the largest cybersecurity databases.

“Attackers don’t hack in, they log in, and people continue to be the most critical factor in today’s cyberattacks. The threat ecosystem has evolved over the past year, and this report explores how a people-centric approach to cybersecurity can reduce today’s risks,” said Ryan Kalember, EVP of cybersecurity strategy, Proofpoint.

Further commented, “In addition to troubling growth in volume and sophistication of ransomware and business email compromise (BEC) attacks, we discovered massive spikes in lesser-known methods like CAPTCHA techniques and steganography, which proved surprisingly effective.”

Proofpoint examines over 2.2 billion emails, 35 billion URLs, 200 million attachments, and 35 million cloud accounts per day. This report is based on our team of expert threat analysts’ review of that data over the course of 2020, and it identifies dangers and vulnerabilities that still exist today:

• Ransomware was omnipresent, More than 48 million communications contained malware that could be exploited to launch ransomware attacks. Email continues to play an essential role in these assaults, as it is where much of the first-stage malware used to download ransomware is transmitted.
• Credential Phishing—both consumer and corporate—was by far the most common form of a cyberattack; approximately two-thirds of all harmful messages are sent by email. Credential phishing leads to account compromise, which in turn leads to other assaults such as business email compromise (BEC) and data theft.
• Of all Phishing methods (attachment, data, link), extension proved the most successful, One out of every five people clicked, which is more than the other two combined.
• Increasingly elaborate BEC fraud attempts emerged. In one scenario, Proofpoint discovered that a single threat actor (TA2520) utilized BEC to impersonate C-Level officials, instructing many email recipients to send large quantities of money in the name of a fictitious company purchase
• Steganography was wildly successful, With more than one-third of those targeted in such assaults clicking on the infected email, these attacks have the highest success rate of any type. Steganography is a method of concealing harmful payloads in seemingly harmless media such as images and music. The hard-to-detect files are decrypted and triggered once they arrive on consumers’ computers.
• Attacks using CAPTCHA techniques garnered 50 times as many clicks as the year prior. Because consumers link CAPTCHA problems with anti-fraud measures when working from home, 5% of individuals clicked on them, a fiftyfold increase.
• Cyberthieves used Remote Access Trojans (RAT). In fact, RAT software tools were used in approximately one-fourth of all email threat campaigns. The volume of threats delivering Cobalt Strike—a commercial security tool that helps firms test for system weaknesses—for example, increased by 161%.
•  1 in 4 attack campaigns used compressed executable filesto hide malware. The user must engage with a malicious attachment to execute the payload, such as an Excel spreadsheet or a PowerPoint slide deck.

Emile Abou Saleh, Regional Director, Middle East, and Africa for Proofpoint, added: “In the Middle East, our recent research revealed that CISOs in the UAE and KSA had seen an increase in targeted attacks in the past year of 76% and 69% respectively. As cyber criminals continue to exploit vulnerabilities created by remote working, the shift to e-commerce and cloud, and the acceleration of digital transformation across all sectors, it is more important than ever for companies in the region to employ a people-centric approach to their cybersecurity practices.”

.