GoDubai
  
  
  
  
Citylife > Press Release
  Home Contact us Add to Favourites
Most Recent Postings
More Press Releses
Featured Sections

Event Finder
A daily roundup of exhibitions, promotions and other events in Dubai and the rest of the Emirates.
Submit an Event
Latest Dubai Press Releases >>

    Share
Threat actors continue to use socially-engineered attacks across email, cloud applications, and social media to exploit human instincts and lure people to click
 
Dubai, United Arab Emirates—September 11, 2019:   Proofpoint, Inc., (NASDAQ: PFPT), a leading cybersecurity and compliance company, today announced its annual Human Factor report findings, which highlight the ways in which cybercriminals target people, rather than systems and infrastructure, to install malware, initiate fraudulent transactions, steal data, and more. The report, based on an 18-month analysis of data collected across Proofpoint's global customer base, spotlights attack trends to help organizations and users stay safe. 
 
“Cybercriminals are aggressively targeting people because sending fraudulent emails, stealing credentials, and uploading malicious attachments to cloud applications is easier and far more profitable than creating an expensive, time-consuming exploit that has a high probability of failure,” said Kevin Epstein, vice president of Threat Operations for Proofpoint. “More than 99 percent of cyberattacks rely on human interaction to work—making individual users the last line of defense. To significantly reduce risk, organizations need a holistic people-centric cybersecurity approach that includes effective security awareness training and layered defenses that provide visibility into their most attacked users.”
 
“As technology evolves, cyber-attacks also become more sophisticated. Threat actors focus on people, their roles within an organization, and even their likelihood to “click here”. The report illustrates that the most popular times that people click on links show significant regional differences, for example, Middle Eastern and European users are more likely to click at midday, after lunch and into the late evening, likely reflecting the time shifting necessary to do business with North American organizations and colleagues,” said Emile Abou Saleh, Regional Director, Middle East and Africa for Proofpoint.
 
Proofpoint's 2019 Human Factor report findings include:
 
• More than 99 percent of threats observed required human interaction to execute - enabling a macro, opening a file, following a link, or opening a document – signifying the importance of social engineering to enable successful attacks. 
 
• Microsoft lures remain a staple. Nearly 1 in 4 phishing emails sent in 2018 were associated with Microsoft products. 2019 saw a shift towards cloud storage, DocuSign, and Microsoft cloud service phishing in terms of effectiveness. The top phishing lures were focused on credential theft, creating feedback loops that potentially inform future attacks, lateral movement, internal phishing, and more.
 
• Threat actors are refining their tools and techniques in search of financial gain and information theft. While one-to-one attacks and one-to-many attacks were more common when impostor attacks first began to emerge, threat actors are finding success in attacks using more than five identities against more than five individuals in targeted organizations.
 
• The top malware families over the past 18 months have consistently included banking Trojans, information stealers, RATs, and other non-destructive strains designed to remain resident on infected devices and continuously steal data that can potentially provide future utility to threat actors.
 
People-centric Threats
 
• Attackers target people – and not necessarily traditional VIPs. They often target Very Attacked People (VAPTM) located deep within the organization. These users are more likely to be targets of opportunity or those with easily searched addresses and access to funds and sensitive data.
 
• Thirty-six percent of VAP identities could be found online via corporate websites, social media, publications, and more. For the VIPs who are also VAPs, nearly 23 percent of their email identities could be discovered through a Google search.
 
• Imposters mimic business routines to evade detection. Impostor message delivery closely mirrors legitimate organizational email traffic patterns, with less than 5 percent of overall messages delivered on weekends and the largest portion - over 30 percent - delivered on Mondays.
 
• Malware actors are less likely to follow expected email traffic. Overall malicious message volumes sampled in the second quarter of 2019 were distributed more evenly over the first three days of the week and were also present in significant volumes in campaigns that began on Sundays (more than 10 percent of total volume sampled).
 
• Click times have traditionally shown significant regional differences, reflecting differences in work culture and email habits among major global regions. Asia-Pacific and North American employees are far more likely to read and click early in the day, while Middle Eastern and European users are more likely to click mid-day and after lunch.
 
 
Email Attacks: Verticals at Risk
 
• Education, finance, and advertising/marketing topped the industries with the highest average Attack Index, an aggregated measure of attack severity and risk. The education sector is frequently targeted with attacks of the highest severity and has one of the highest average number of VAPs across industries. The financial services industry has a relatively high average Attack Index but fewer VAPs.
 
• 2018 saw impostor attacks at their highest levels in the engineering, automotive, and education industries, averaging more than 75 attacks per organization. This is likely due to supply chain complexities associated with the engineering and automotive industries, and high-value targets and user vulnerabilities, especially among student populations, in the education sector. In the first half of 2019, the most highly targeted industries shifted to financial services, manufacturing, education, healthcare, and retail.
 
• The Chalbhai phish kit, the third most popular lure for the first half of 2019, targeted credentials for many top U.S. and international banks and telecommunications companies, among others, using a range of templates attributed to a single group but leveraged by multiple actors.
 
• Attackers capitalize on human insecurity. The most effective phishing lures in 2018 were dominated by “Brainfood,” a diet and brain enhancement affiliate scam that harvests credit cards. Brainfood lures had click rates over 1.6 clicks per message, over twice as many clicks as the next most clicked lure.



Posted by : GoDubai Editorial Team
Viewed 6896 times
Posted on : Wednesday, September 11, 2019  
Replication or redistribution in whole or in part is expressly prohibited without the prior written consent of GoDubai.com.
Previous Story : Gold takes a breather
Next Story : Al-Futtaim Engineering & Technologies to present innovative Facilities Management solutions at FM Ex...
Email this article Print this article

Share this article with your friends and followers
NewsVine

Comments

Back to Top  
Most Viewed Press Release posted in the last 7 days
FINA World Swimming Championships
Samsung Announces Official Galaxy Z Series Availability Across the UAE
GEMS Education Teacher Wins Brand New BMW X2 after Signing Up for an Emirates NB...
Max Factor X Priyanka Chopra Jonas: Matte Confidence Look
UAE Ministers Announce the First Set of “Projects of the 50”
Eureka Forbes Coronaguard Achieves 94.9% Reduction in Covid-19 Virus
Curly Hair Girls Rejoice! Cult Haircare Brand SASHAPURE Launches in the Middle East
2022 Renault Koleos– The Contemporary SUV Reimagined
New World 12s Rugby Tournament Launches, Aiming to Bring 250 Million Pounds Int...
Lenovo Leads in Launching Windows 11 on New Yoga Laptops
Hyundai Motor Group Presents Its Vision to Popularize Hydrogen by 2040 at Hydrog...
Get Ready For The Next-Gen Ranger!
Patient Suffering from “Friedreich Ataxia” Regains Mobility with the Aid of Smar...
Wizz Air Abu Dhabi's Inaugural Flight to Bahrain Takes Off
Dubai Summer Surprises' Modesh Scholarship Shares AED 250,000 in Cash Prizes Amo...
Twitter is Connecting People With the Launch of Communities
SITA Takes Decisive Steps to Reduce Carbon Emissions to Become a Certified Carbo...
Genesis Presents Vision for Sustainable Future
Lily Collins Weds in a Custom Ralph Lauren Gown
Ogilvy Names Ben Messiaen Chief Client Officer for EMEA
Pure Health expands lab facilities for COVID-19 testing at Obaiduallah Hospital,...
Ultimate Arctic Adventures on Ice With Jaguar and Land Rover
SEHA Celebrates World Physiotheraphy Day With Series of Events Aimed to Raise Aw...
TONDA PF
Bank's Reach is Tangible, its Relevance is Questioned, say Experts at Finnovex M...
Hamdan Bin Mohammed Heritage Center announces: Few days left before Registratio...
GEMS CEO and Student-Author Record Children's Audiobook to Mark International Li...
GEMS Winchester School Fujairah becomes UAE's first school to win prestigious GL...
Look out for these Newly-Launched Premium Indian E-Bikes in UAE
The First Look at OMEGA in No Time To Die
Abu Dhabi Showdown Week Set to Showcase Two Blockbuster Championship Fights at U...
SCCI trade Mission to Moscow holds fruitful meetings to boost economic, investme...
Nissan of Arabian Automobiles Presents ‘Deals For A New Start' Back-to-School Ca...
LG Xboom 360 Delivers Premium Sound With Stylish Design Anyplace, Anytime
Samsung's New Galaxy Z Fold3 5G Receives Exceptional Response in the Pre-Order Phase
HFZA's Stand at Big Five Woos Investors with Exclusive Privileges and Offers
New Behind-The-Scenes Footage Shows Range Rover Sport SVR Preparing to Make an I...
EETEN Urban Kitchen's Terrace Opens on Wednesday
UAE Home to Prominent Innovation Districts: Middle East Designated Leading Innov...
Etisalat Reasserts Dominance as World's Fastest Mobile Network for the Second Co...
Renault of Arabian Automobiles announces 1-3-5 offer on 2022 Renault Koleos
Lenovo Introduces the Powerful and Flexible ThinkEdge SE70 Edge AI Platform
Ajman University honors its strategic partners on the occasion of the Internatio...
Thani Grabs Thrilling Grand Prix Victory as Team Abu Dhabi Make Perfect Start in...
Mubadala World Tennis Championship Returns to Abu Dhabi With New December Dates
Frontline Heroes Thank HH Sheikh MBZ
LG Launches Its Most Compact Soundbar in the UAE, The LG Eclair – Featuring Dolb...
Block the Gold Rate with Malabar Gold & Diamonds' by Paying just 10% Advance
DHA's Medical Education Department enhances features of its online learning platform
Team Abu Dhabi Primed for Big Grand Prix Battle in Italy