“Threat actors continue to find new ways to exploit our natural curiosity, desire to be helpful, love of a good bargain, and even our time constraints to convince us to click,” said Kevin Epstein, vice president of Threat Operations for Proofpoint. “Our research clearly shows that it’s imperative to stop threats before they reach users over email, cloud applications, and social networks. Reducing initial exposure minimizes the chances that an organization will experience a confidential data breach, business disruption, or direct financial loss.”
Proofpoint’s 2018 Human Factor report findings include:
· Advanced persistent threat (APT) activity is far more likely to target government and defense industries (40% of documented attack attempts), but no industries were exempt.
· Email continues to be the top attack vector of choice. 30% of clicks in malicious emails happen within 10 minutes of delivery and 52% of clicks occur within one hour.
· Dropbox-related fraudulent emails were the top lure for phishing attacks, with over twice as many messages as the next most popular lure. However, Docusign phishing click rates exceeded those for Dropbox phishing, and indeed all other credential phishing email lures.
· More than 80% of malicious emails distributed ransomware and banking trojans, making them the most widely distributed malware families. Banking trojans appeared in more than 30% of malicious emails in Europe, Japan, and Australia. Japan also saw the highest regional level of downloader activity in email.
· Roughly 80% of organizations experienced business email compromise (BEC)/email fraud attacks. The number of email fraud emails using language related to legal advice or practices in their subject lines increased by 1,850% year-over-year.
Email Attacks: Verticals Most at Risk
· Education, management consulting, and entertainment/media industries experienced the greatest number of email fraud attacks, averaging more than 250 attacks per organization. Education was the most-targeted vertical with an average number of attacks per organization almost four times the average across all industries (up 120% year-over-year).
· Construction, manufacturing, and technology topped the most phished industries, while manufacturing, healthcare, and technology were the top targets of crimeware, which aims to steal identities for financial gain.
Cryptocurrency Botnets, Cloud Applications, Fraudulent Domains, and Social Media Attacks:
· Network traffic of cryptocurrency coin-mining botnets jumped nearly 90% between September and November 2017 (mirroring trends in Bitcoin valuations).
· 60% of cloud service users, including 37% of privileged users, did not have a password policy or multi-factor authentication enforced, which created significant risks.
· For large enterprises, suspiciously registered domains can outnumber brand-registered domains 20 to 1, meaning victims of phishing attacks are more likely to mistake typosquatted and suspicious domains for their legitimate counterparts.
· 55% of social media customer support attacks targeted customers of financial services companies.