Email and phishing attacks by cyber crooks are a continuous and increasing threat, targeting executives and employees. Read on to learn more about the recently published report…
According to a new study, cyber crooks continue to probe the weakest links in organizations’ security frameworks: the executives and employees behind the computers. Proofpoint’s Protecting People study, which was published recently, focuses on attacks that target people rather than technology.
The security firm, Proofpoint, analyzed more than 600 million emails as part of its research, as well as 7 million mobile apps and hundreds of thousands of social media accounts.
As social engineering and phishing techniques grow in popularity, questions are being raised over how organizations can ensure adequate cyber security hygiene. Employees are becoming increasingly exposed through fraudulent email and social media scams, said email security firm Proofpoint.
According to a new report, there was a 36% increase in email attacks against businesses between the first and second quarters of 2018, with retail, healthcare and government experiencing the most Business Email Compromise (BEC) attempts.
Government agencies and retailers have witnessed a staggering increase in email fraud attempts this quarter, with attacks on companies rising 91% and attacks on government agencies rising 84%. Year over year, the number of attacks has also risen. Attacks against government agencies have increased five-fold over the last 12 months, while education sector attacks have more than tripled.
Non-management and low-level management employees are most often targeted inside organizations: they accounted for 60% of highly targeted malware and credential phishing attacks, according to the “Protecting People” report from Proofpoint, which analyzed customer attack data gathered April through June 2018. Executives, on the other hand, only received 23.5% and 5.2% of targeted attacks, respectively.
The number of malicious emails soared 36% compared to the previous quarter as the availability and sophistication of email payloads grow. Ransomware has also seen a resurgence during this quarter, accounting for more than 10% of the total malicious email volume.
This marks a concerning comeback for this attack method. In 2017, ransomware appeared to be in vogue, yet in the early stages of 2018, it had fallen.
Social Engineering & Phishing
Lisa Forte, of Red Goat Cyber, said that social engineering, and phishing in particular, is one of the fastest growing attack vectors in 2018. Rather than investing time in bypassing technical controls, attackers find that going after staff makes for a far easier point of entry.
“Social engineering and phishing, in particular, is one of the fastest growing attack vectors,” she said. “The reason for this is that the majority of attackers are running a business, and, like all of us, they need to see a good return on investment.
“Spending days, weeks or months trying to bypass a company’s technical controls reduces that ROI. Going after their staff can be far quicker.”
Social Media Networks
Social media networks such as Facebook or Twitter are also placing executives and employees at risk from phishing attacks or similar techniques. Web links sent via social media networks rose by around 30% this quarter, which similarly marks a resurgence in this method.
Cyber criminals are now finding ways to circumvent the automated remediation tools that major social media providers have put in place, which is leaving users at great risk. To ensure that employees are not vulnerable, Forte said, stringent training and security protocols must be implemented.
“Training is the key social engineering defence,” Forte said. “Additionally, companies can get social engineering tests carried out for all four of the main attacks including phishing.”
She added: “Companies not only need to create a security culture but also need to ensure that staff feel comfortable reporting mistakes. If someone clicks on a malicious link it is far better to know now than in eight months’ time. Don’t punish staff for mistakes, reward them for reporting them.”