“In addition to troubling growth in volume and sophistication of ransomware and business email compromise (BEC) attacks, we discovered massive spikes in lesser-known methods like Captcha techniques and steganography, which proved surprisingly effective,” said Ryan Kalember, EVP of cybersecurity strategy, Proofpoint.
Compiled by cybersecurity and compliance firm Proofpoint, the report notes that the pandemic and resulting work-from-home environment has ensured that people continue to be the most critical factor in cyber attacks.
TechRadar needs you!
>> Click here to start the survey in a new window <<
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
In its analysis, Proofpoint notes that the use of Captcha in attacks registered a fiftyfold increase as compared to 2020. The trick was actively used by the financially motivated threat actor TA564 against organizations in Canada.
New attack vectors
Explaining the use of CAPTCHA in malicious campaigns, the report suggests that some attackers use them to ensure they are delivering malware to a real user, rather than a security sandbox.
Others, such as TA564, use it to determine their victim’s location based on the IP address to ensure they are targeting people in the correct geographies. Another less commonly used technique that is slowly gaining popularity with threat actors is steganography. Attackers use it to embed malicious payloads inside innocent looking files like images. Despite being used in only a handful of campaigns, the technique proved highly effective with three out of every eight recipients clicking on the tainted image.
People-centric vulnerabilities In all, the report detected over 48 millions messages laced with malware capable of being used as an entry point for ransomware attacks.
Meanwhile, the most common form of attack was credential phishing, which accounted for nearly two-thirds of all malicious messages, outpacing all other attacks combined. The click-through rate of attachment outpaced all other phishing methods, with an average of one in five users clicking. The report also shares details about elaborate BEC scams, one of which impersonated C-Level executives and ordered multiple email recipients to transfer sums exceeding $1 million in the name of a phony corporate acquisition.
Arguing that attackers look at the world in terms of connections, relationships and access, Proofpoint argues that an effective security strategy should “consider the individual risk each user represents, including how they’re targeted, what data they have access to, and whether they tend to fall prey to attacks.”