Global Security Trend: Email Attacks Shifting From Endpoints To People
Cyber Criminals Know Your Users Better Than You
A shift is observed in the strategy of cyber attackers. The change is away from the enterprise perimeter and endpoints, and moving toward employees and key functional roles. Cyber Security Hub hosted a webinar with Proofpoint to discuss how your organization can stay one step ahead of cyber-attackers.
This year, bad actors have shifted their attack strategies beyond the enterprise perimeter and endpoints, and are now looking at the increasingly valuable individual, including Employees with privileged access or those who handle sensitive data. What’s more, these adversaries now have access to social media feeds and other public information that helps them customize and personalize each attack approach.
With the use of URLs in emails and Business Email Compromise scams on the rise through more sophisticated phishing campaigns, cyber security awareness is critical to arming employees with the right information to better protect the enterprise. The webinar explored 3 areas to help organizations stay one step ahead of those attackers:
- The shifts in the threat landscape, using examples from Europe, the Middle East, and Africa.
- The new anatomy of a hack – including the use of social networks, news and corporate websites – compared to the old anatomy.
- And, how enterprises can protect personnel from these targeted attacks.
Proof point senior technical engineer Ed Rowley described the global trends observed in the email Eco sphere. Malicious campaigns have continued to grow, such that millions of messages are now being transmitted. These phishing attacks are often using URLs in the body of the message or as an attachment to lure people into clicking. “Business email compromise attacks are very much in vogue for criminals,” said Proofpoint sales engineering team lead Daniel Marley-Cook. BEC attacks don’t contain much malicious content and instead use text.
Exploit kit activity has dropped significantly since 2016. This very much represented the old anatomy of a hack. Criminal gangs are evolving their approach to target people. However, even with this change, they are still following the A’s:
- Assess: Look for publicly available information including social networks, news, and corporate websites
- Analyze: Areas of influence, professional skills and accomplishments, job responsibilities and interests
- Attack: Phishing, malware and BEC fraud
- Act: Control, exfiltrate, spy and destroy
“What’s really scary is that criminals probably know your users better than you do,” said Marley-Cook to the security attendees. Cyber criminals are analyzing professional and social network data to customize their attacks. According to the speakers, the attacker research and due diligence is paying off.S
Criminals are preying on human behavior. Organizations spend time on security awareness training and this often discusses how to develop healthy skepticism about not clicking on email links. Yet organizations find convenience in having group email addresses so a one-to-many communication occurs. Attackers look for these conveniences and realize that getting an entry point to a group address increases the potential for compromising a user. Similarly, the integration of software suites, such as Office 365, present a similar opportunity for attackers to narrow their efforts and achieve scale of reaching numerous users.
While criminals are constantly evolving their threat tactics to break into the corporate supply chain, enterprises can tap into people-centrist visibility to drive better protection.