Content, Content

Proofpoint Threat Report: BEC, Social Engineering Attacks Up in 4Q18


Business email compromise (BEC), email, social media and web threats devastated global organizations in the fourth quarter of 2018, which is reflected in the results of Proofpoint's latest "Quarterly Threat Report."

Now, let's take a look at five key takeaways from the Quarterly Threat Report:

  1. BEC attacks against targeted companies increased 226 percent quarter over quarter and 476 percent year over year.
  2. There was a 150 percent year-over-year increase in social engineering attacks.
  3. Angler phishing attacks increased 442 percent year over year; these attacks occur when cybercriminals impersonate a social media customer service account to lure victims to provide access to their personal information.
  4. Fifty-six percent of all malicious payloads in 4Q18 were banking Trojans, making banking Trojans the top email-borne threat during the time frame.
  5. The overall volume of credential stealers and downloaders rose 230 percent year over year, and malicious messages that included credential stealers or downloaders rose more than 230 percent during the time frame.

In addition, Proofpoint offered the following recommendations to help organizations protect their data and assets against cyber threats in the foreseeable future:

  • Plan ahead for social engineering attacks. Identify and quarantine both inbound email threats targeting employees and outbound threats targeting customers before they reach their inboxes.
  • Protect against email fraud. Implement email quarantine and blocking capabilities.
  • Analyze social network activity. Scan all social networks and report fraudulent activity.
  • Foster cybersecurity partnerships. Work with cybersecurity vendors that offer threat intelligence tools.

MSSPs can help organizations keep pace with evolving cyber threats, too. They can provide cloud, endpoint, network and other security services to protect organizations against myriad cyberattacks, as well as help organizations develop and implement cybersecurity strategies.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.