Content, Content

Report: Cyberattacks Typically Exploit Personal Log-ins to Launch Malicious Code

Contrary to common perception, cyber attackers don’t hack in, they log in, Proofpoint said in a new report, reaffirming that people continue to be the most critical factor in cyber attacks.

It’s well known that ransomware and business email compromise (BEC) command most of the attention as the most virulent of malware campaigns. But lesser known techniques that compromise CAPTCHA (uses visual puzzles to tell humans from machines) and steganography (hiding malicious code in photography or other files) have spiked dramatically in the last year, the security provider said in its newly released annual report, The Human Factor 2021.

To draw out its findings, the Sunnyvale, California-based Proofpoint analyzed the more than 2.2 billion email messages, 35 billion URLs, 200 million attachments and 35 million cloud accounts it examined daily in calendar 2020 year. The report zeros in on how COVID-19 “transformed” the 2020 threat landscape as it continues to do so today.

Based on its analysis of those data points, here’s what the report found:

  • 48 million messages contained malware capable of being used as an entry point for ransomware. Email remains a crucial part of these attacks.
  • Pandemic-related lures appeared more than those tied to any other current event or news item.
  • Roughly 10 percent of campaign-related malicious email attempted to distribute the Emotet malware.
  • Some 25 percent of all campaigns hid malware in compressed executable files.The method requires a user to interact with a malicious attachment like an Excel spreadsheet or PowerPoint slide deck to execute the payload.
  • Credential phishing, both consumer and corporate, accounted for roughly two-thirds of all malicious messages. It was the most common form of attack and serves as a launching pad for BEC and data theft operations.
  • Of all phishing methods (attachment, data, link), attachment proved the most successful, with an average of one in five users clicking, a higher rate than the other two combined.
  • Thread hijacking attempts increased nearly 18 percent, those that use password protected files spiked five-fold and Excel 4.0 macro attempts ballooned more than 10 times.
  • More than 33 percent of people targeted in an steganography attack clicked on the malevolent email. After the hard-to-detect files land on users’ machines, they are decoded and activated. The technique appeared in only a few campaigns.
  • Attacks that used CAPTCHA had more than 50 times the number of clicks as last year. Because people typically associate CAPTCHA with anti-fraud measures, five percent clicked on the puzzle.
  • Nearly 25 percent of email threat campaigns employed Remote Access Trojan (RAT) software tools.

“In addition to troubling growth in volume and sophistication of ransomware and business email compromise attacks, we discovered massive spikes in lesser-known methods like CAPTCHA techniques and steganography, which proved surprisingly effective,” said Ryan Kalember, Proofpoint’s cybersecurity strategy executive vice president.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.