The human element, together with all of its psychological and cognitive weaknesses, is arguably the most vulnerable component of a company’s attack surface. The recently released Proofpoint report “The Human Factor 2018” offers some interesting updates and insights on the subject.
“The human factor—the instincts of curiosity and trust that lead well-meaning people to click, download, install, move funds, and more—is simply more reliable and lucrative than exploits with increasingly short shelf lives.”
(“The Human Factor 2018”)
Here is a short description of just a few findings I found particularly thought-provoking:
A company’s authentic domain remains “densely surrounded” by fake ones. Proofpoint estimates that for large companies the number of suspicious domains is 20 times greater than the number of legitimate ones. This leaves companies vulnerable to a variety of attacks (e.g. fraud, phishing, spoofing). Malicious actors have repeatedly demonstrated great ingenuity in incorporating lookalike domains in their attacks (for a detailed example of such tactics see my post “Information Attack on Vinci – a Look at the Kill Chain”).
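For a defender, a domain surrounded by twenty times as many suspicious ones is a triage problem: which newly observed hostnames actually resemble yours? The Python below is an added example, not code from the report or from the original post; it classifies a candidate hostname against a legitimate one using a small constructed confusable table, subdomain and substring checks, and edit distance. The brand acmebank.com and every candidate hostname are constructed.

```python
import unicodedata
# Constructed confusable table (illustrative subset, not a full Unicode list):
# characters or digraphs that imitate a Latin letter are folded to that letter.
CONFUSABLES = {
    "rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i", "\u0441": "c", "\u0440": "p",
}

def normalize_label(label):
    """Fold a DNS label so homoglyph, accented and punctuated variants collide with the original."""
    s = label.lower()
    for src, dst in CONFUSABLES.items():
        s = s.replace(src, dst)
    s = unicodedata.normalize("NFKD", s)          # split accents off their base letters
    return "".join(ch for ch in s if ch.isascii() and ch.isalnum())

def levenshtein(a, b):
    """Edit distance with unit cost for insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_host(host):
    """(registrable domain, subdomain labels). Assumption: one-label public suffix, so .co.uk-style suffixes are not handled."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]), labels[:-2]

def lookalike_reason(legit_host, candidate_host):
    """Why candidate_host resembles legit_host, or None if no resemblance is found."""
    legit_reg, _ = split_host(legit_host)
    cand_reg, cand_subs = split_host(candidate_host)
    if cand_reg == legit_reg:
        return None                                 # the real domain or one of its own subdomains
    legit_label, cand_label = legit_reg.split(".")[0], cand_reg.split(".")[0]
    legit_n, cand_n = normalize_label(legit_label), normalize_label(cand_label)
    if any(normalize_label(s) == legit_n for s in cand_subs):
        return "brand-as-subdomain"                 # acmebank.com.secure-verify.net
    if cand_label == legit_label:
        return "tld-swap"                           # acmebank.net
    if cand_n == legit_n:
        return "homoglyph"                          # acrnebank.com, Cyrillic letters
    if legit_n in cand_n:
        return "brand-embedded"                     # acmebank-login.com
    if levenshtein(legit_n, cand_n) <= (2 if len(legit_n) >= 8 else 1):
        return "typosquat"                          # acmebnak.com; longer brands tolerate two edits
    return None
```

Feed it the registrable domains from a newly-registered-domain or certificate-transparency feed and review only the candidates that return a reason.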
Click rates for phishing emails are not uniform across industries. Automotive, aerospace, defense, and commercial banking show the largest percentage (over 80%). This once again underscores the importance of a granular and tailored, rather than blanket, approach to threats in “business activity”. The lowest rates were registered in accounting and entertainment/media.
Another very interesting insight from the report is the analysis of the behavioural and temporal aspects of activating infected emails (i.e. clicking on the attachment or a link in the email message sent by the malicious actor). Generally, and somewhat predictably, the “clicking cycle” is driven by the three “hallmark events” of a typical office day: arrival at work, lunch, and the end of the working day. Sending infected emails around these time windows gives malicious actors a greater chance of the payload being activated.
Another interesting statistic shows that almost a quarter of activated infected emails were triggered within five minutes of delivery. In other words, there is roughly a one-in-four chance that activation takes place within minutes of email delivery, leaving very little time for a preventive response.
The report also notes a 1850% year-on-year increase in email fraud attacks built around themes related to lawyers and/or legal issues, although overall, somewhat surprisingly, this type of attack remains relatively uncommon. Attackers continue to refine methods for making fraudulent messages more credible, e.g. adding a fake email history to the message or using multiple spoofed senders.
“But all signs point to the human factor as a main component in most attacks going forward. Malicious macros and attached scripts (which require someone to click) will dominate most email-based attacks. And more web-based attacks will use social engineering. The human factor is simply more reliable—and therefore more lucrative—for attackers.”
(“The Human Factor 2018”)
Read the report; it is great food for thought.