Why human vulnerabilities are more dangerous to your business than software flaws

According to cybersecurity firm Proofpoint, the 'vast majority' of digital attacks aimed to exploit the "human factor" through phishing attempts and related efforts.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • Most fraudulent emails used brand names like Dropbox and DocuSign to get users to click on malicious links.
  • Hacking attempts focused on human vulnerabilities in a system instead of lapses in software or hardware.

Cybersecurity firms and analysts have been sounding the alarm on vulnerabilities in most web-based systems, pointing to loopholes and lapses in security. But a recent report from Proofpoint, a cybersecurity firm, said most cyberattacks are designed to take advantage of human error instead of flaws in hardware or software.

In their 2018 Human Factor Report, Proofpoint analyzed cyberattacks throughout 2017, looking into attempted attacks on nearly 6,000 organizations across the world. They found that almost every industry suffered from a growth in the number of attacks, ranging from phishing to ransomware and cloud application breaches.

"Email remains the top attack vector... Attackers are adept at exploiting our natural curiosity, desire to be helpful, love of a good bargain, and even our time constraints to persuade us to click," the report said.

Some 50% of all clicks on malicious emails occurred within an hour of the email arriving in the victim's inbox, and 30% happened within 10 minutes of receipt. Hackers, whether working alone, with a group, or with a state-sponsored entity, attempted to take advantage of human trust in most cases. Nearly 55% of social media attacks that impersonated customer-support accounts were aimed at financial institutions.

"Many of these attacks rely on social engineering," the report noted. "Others simply take advantage of inclinations for immediate gratification, improved status, or even the reward of 'getting something for nothing.'"

The report continued: "But as the old adage goes, there is no such thing as a free lunch. The hidden costs of a bargain in social media channels can often be credential loss to phishing, coin mining through browser hijacking, and malware infections."

Surprisingly, phishing emails purporting to be from Dropbox were far and away the most common lure hackers used, followed by fake DocuSign emails, which had a higher rate of success, the report said. Of all malicious emails examined in the study, ransomware and banking Trojans accounted for more than 82%.

The study had a number of interesting observations and tidbits concerning when and how hackers attempt to infiltrate our lives. Europe and Japan had higher-than-usual proportions of banking Trojans, at 36% and 37% respectively, while the rest of the world suffered mostly from ransomware.

Proofpoint said education, consulting, and entertainment firms suffered from the largest number of email fraud attacks, with each organization averaging about 250 attacks.

Crimeware was used specifically against the tech and healthcare industries, while the manufacturing and construction industries were repeatedly hit with phishing attempts.

"As the threat landscape continues to evolve, new tools and approaches are emerging regularly. But one thing remains constant: the human factor," the report said. "More than ever, cyber criminals rely on people to download and install malware or send funds and information on their behalf."

Last year, there were massive spikes in hacking attempts related to cryptocurrency, with instances of "cryptojacking" rising and falling with the price of Bitcoin. Cloud computing also could not keep users safe: every major tech company's cloud service suffered from an attack, the report said.

"Attackers are opportunistic and adaptable. They take advantage of new options, vectors, and tools to increase their chances of success," the report noted. "These opportunistic attacks extend to social media channels and cloud-based tools as well. Fraudsters and other attackers capitalize on major events and trends and leverage legitimate services to trick defenders and victims."

Proofpoint also named multiple groups that experts know were behind many of last year's attacks, including the North Korea-backed Lazarus Group, Fin7, and the Cobalt Group. Many of these organized groups were going after governments, defense contractors, and financial institutions, but some had begun to attack individuals as well.

Kevin Epstein, vice president of Threat Operations for Proofpoint, told Computing Magazine that organizations had to focus on stopping attacks before they could even reach people's inboxes or networks.

"Reducing initial exposure minimizes the chances that an organisation will experience a confidential data breach, business disruption, or direct financial loss," Epstein said.

About Jonathan Greig

Jonathan Greig is a freelance journalist based in New York City. He recently returned to the United States after reporting from South Africa, Jordan, and Cambodia since 2013.
