Cyber attacks exploit the human factor

A recent report issued by Proofpoint, titled ‘The Human Factor 2018: People-centered threats define the landscape’, highlights the ways threat actors are stepping up attacks that exploit “the human factor.”

Targeting our humanity

Over the last year, cybercriminals have continued to favour social engineering over automated exploits, scaling up people-centered threats and attacks that rely on human interaction. They have found new ways to exploit “the human factor”: the instincts of curiosity and trust that lead well-intentioned people to click, download, install, move funds, and more every day.

These threats focus on people and their roles within an organization rather than just on computer systems and IT infrastructure. Threat actors (cyber attackers and their sponsors) attacked people at both macro and micro scales.

Large scale attacks

At the macro level, they waged massive, indiscriminate campaigns in email and social channels. Attackers recognize the tendency of users to trust familiar brands. The Proofpoint report noted that most fraudulent emails mimic the style of popular services, such as Dropbox and DocuSign, to convince employees that links are legitimate. Ransomware was the biggest email-borne threat of 2017, and ransomware and banking Trojans together comprised 82 percent of malicious emails last year. Attackers are, however, also exploring new vectors to exploit human vulnerabilities.

Small scale attempts

At the micro level, state-sponsored groups and financially motivated email fraudsters launched highly targeted attacks. Even attacks on cloud-based platforms relied on human error, carelessness, and credulity to penetrate systems of value. For example, the report found that 25 percent of suspicious cloud login attempts were successful, and 60 percent of cloud users did not enforce a password policy or two-factor authentication (2FA). Whether attacks are broad-based or targeted, delivered via email, social media, the web, cloud apps, or other vectors, and motivated by financial gain or national interests, the social engineering tactics used in these attacks work time and time again. Victims clicked malicious links, downloaded unsafe files, installed malware, transferred funds, and disclosed sensitive information at scale.

Proofpoint’s recommendations

Proofpoint recommends the following:

  • Train your people to spot attacks that target them. Your security awareness training should include phishing simulations that use real-world tactics to see who’s most at risk. Teach them to recognize attacks on email, cloud apps, mobile devices, the web, and social media.
  • Get advanced threat analysis that learns and adapts to changing threats. Today’s fast-moving, people-centered attacks routinely evade conventional signature- and reputation-based defenses. Be sure your defenses adapt as quickly as attackers do.
  • Deploy DMARC (Domain-based Message Authentication, Reporting & Conformance) authentication and lookalike domain (typosquatting) defenses. DMARC builds on SPF and DKIM and only blocks spoofed mail once the published policy is set to enforce (quarantine or reject) rather than monitor. Together these controls stop many attacks that use your trusted brand to trick employees, partners, vendors, and customers.
  • Get visibility into the cloud apps, services and add-ons your people use. Deploy tools to detect unsafe files and content, credential theft, data theft, third-party data access, and abuse by cloud scripting apps.
  • Automate some aspects of detection and response. Automated tools can proactively detect security threats and other risks posed by the ever-growing volume of apps your people use in the enterprise. And security orchestration and automation solutions can help you respond faster and more effectively. Consider solutions that connect, enrich, and automate many steps of the incident response process. That frees up security teams to focus on tasks that people do best, boosting awareness and security.
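The DMARC and lookalike-domain recommendation above is the one item in this list that maps directly onto a concrete check. As an added example (not code from the Proofpoint report or from this post), the Python script below audits a DMARC TXT record for settings that leave a brand spoofable (p=none, partial pct, a weaker subdomain policy, no aggregate reporting address, relaxed alignment) and flags candidate domains that imitate a trusted brand after normalizing common homoglyph substitutions. The DMARC records and candidate domains are constructed for illustration; the trusted list reuses the Dropbox and DocuSign brands named earlier in the post.

```python
"""Audit DMARC TXT records for weak settings and spot lookalike domains.

Added example, not from the Proofpoint report or the original post.
All DNS records and domain names below are constructed for illustration.
"""
from typing import Dict, List, Optional

# Constructed sample DMARC TXT records for hypothetical domains.
SAMPLE_RECORDS: Dict[str, str] = {
    "example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "example.net": "v=DMARC1; p=quarantine; pct=50",
    "example.org": ("v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; "
                    "rua=mailto:dmarc@example.org; ruf=mailto:dmarc@example.org"),
}

# Trusted brand domains (those named in the post) and constructed candidates.
TRUSTED: List[str] = ["dropbox.com", "docusign.com"]


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC TXT record into lower-cased tag/value pairs."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(record: str) -> List[str]:
    """Return findings explaining why a record does not fully protect the domain.

    An empty list means: reject policy, 100% coverage, subdomains covered,
    strict alignment and an aggregate report address are all present.
    """
    findings: List[str] = []
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["missing or wrong version tag (v=DMARC1 must be present)"]
    policy = tags.get("p")
    if policy is None:
        findings.append("no p= tag: record is invalid and receivers ignore it")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail goes to spam instead of being rejected")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    # Subdomain policy defaults to the organizational policy when sp= is absent.
    subdomain_policy = tags.get("sp", policy)
    if subdomain_policy is not None and subdomain_policy != "reject":
        findings.append(f"sp={subdomain_policy}: subdomains remain spoofable")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so no visibility")
    if tags.get("adkim", "r") == "r" or tags.get("aspf", "r") == "r":
        findings.append("relaxed alignment (default): any subdomain aligns; consider adkim=s/aspf=s")
    return findings


def normalize_label(domain: str) -> str:
    """Reduce the leftmost label to a canonical form so homoglyph swaps compare equal."""
    label = domain.lower().split(".")[0]
    for src, dst in (("rn", "m"), ("vv", "w"), ("cl", "d")):
        label = label.replace(src, dst)
    return label.translate(str.maketrans("01357@", "olesta"))


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(candidate: str, trusted: List[str], max_distance: int = 1) -> Optional[str]:
    """Return the trusted domain that `candidate` imitates, or None.

    The exact trusted domain is never reported as a lookalike; anything else whose
    normalized first label is within `max_distance` edits of a brand label is.
    """
    if candidate.lower() in trusted:
        return None
    cand = normalize_label(candidate)
    for brand in trusted:
        if levenshtein(cand, normalize_label(brand)) <= max_distance:
            return brand
    return None


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        print(domain, audit_dmarc(record) or ["OK: enforcing policy"])
    for cand in ("dr0pbox.com", "d0cusign.net", "dropbox.com", "github.com"):
        print(cand, "->", lookalike_of(cand, TRUSTED))
```

The audit treats relaxed alignment as a finding even though it is the DMARC default; whether strict alignment is appropriate depends on which subdomains legitimately send mail, so treat that line as a prompt to check, not an automatic failure.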

Jenson Knight has included a link to the full report below.