Proofpoint dispels common threat actor assumptions in new report


The company found that Google-related URLs were the ones threat actors abused most frequently last year.


As part of its “Social Engineering Report 2022,” Proofpoint found that many cybercriminals use unexpected behaviors as part of their hacking methods. Threat actors are generally not thought of as engaging with their victims or as using legitimate technologies as cover for their schemes. However, Proofpoint has found that many hackers use some of these methods to gain entry when targeting an individual.

“Despite the best efforts of defenders, cybercriminals continue to defraud, extort and ransom businesses for billions of dollars a year,” said Sherrod DeGrippo, vice president of research and threat detection at Proofpoint. “The fight with threat actors is constantly evolving as they change tactics to gain clicks from end users.”

Hackers debunk previously harbored suspicions

Proofpoint entered the report with a number of assumptions in place, covering the lengths threat actors would go to in order to carry out an attack, as well as the methods they employ to help carry out such attacks.

Threat actors won’t spend time building relationships before executing attacks

The first assumption made by the security firm was that cybercriminals were simply sending malicious links to many potential victims, but this turned out to be incorrect. In a number of cases analyzed by Proofpoint, lure-and-task business email compromise (BEC) attacks were started via an interaction such as a question from an unknown source. If a potential victim were to respond, they were more likely to fall for scams such as gift card, payroll, or bill fraud.

Proofpoint also found that threat actors attempting to initiate a conversation were more likely to receive funds from a victim due to the familiarity the target now believes they have with the criminal. Engaging with a cybercriminal in this manner can be costly for organizations or individuals.

Hackers wouldn’t spoof legitimate services like Google and Microsoft

Many users assume that if content comes from a trusted source, it must be legitimate. However, Proofpoint found that cybercriminals frequently abuse services such as cloud storage providers and content delivery networks to facilitate the delivery of malware to potential victims. According to the company, Google-related URLs were the most frequently abused in 2021 by malicious actors attempting to take advantage of unsuspecting users.

“Security-focused decision makers have prioritized building defenses around physical and cloud-based infrastructure, leading to humans becoming the most trusted entry point for compromise,” DeGrippo said. “As a result, a wide range of content and techniques continue to be developed to exploit human behaviors and interests.”

The threats only affect their computer and not the phone

As with spoofing legitimate sources, a common belief is that email threats only exist on laptops or PCs, but this is also a fallacy. Last year, Proofpoint discovered that threat actors were using call center-based email attacks. In this method, targets are led to contact a fake call center via a number provided in an email, thereby engaging with the threat actor directly. Typically, cybercriminals carry out this scam via free remote assistance software or by sending a document containing malware.


Criminals are unaware of email conversations and existing chat threads are safe

Another technique used by hackers is known as thread or conversation hijacking. In this method, a cybercriminal will respond to an existing conversation with a malicious link or a piece of ransomware hoping that the intended target does not examine the link or file closely. To carry out this type of attack, adversaries gain access to a user’s inbox via phishing or malware, then gain access to an email chain to distribute the harmful link or software.

Threat actors only use business-related content for attacks

The final assumption that was dispelled as part of the report was that threat actors would not take advantage of timely social issues to elicit a response from their victims. However, as seen with many adversaries using the war in Ukraine for their own interests, that turned out not to be the case. It’s not just the news that is being exploited either, as Proofpoint has observed several malicious emails sent to users with Valentine’s Day themes such as flowers and lingerie as a hook for potential victims.

As always, it’s important to be vigilant when it comes to email best practices. By using a zero-trust architecture and being extremely careful when clicking on links or downloading files, even from known sources, users can prevent themselves or their businesses from falling victim to the next big ransomware or malware attack.

