sb-nz logo
Story image

New research reveals which employees are being targeted for why

12 Sep 2018

Article by Proofpoint APJ vice president Tim Bentley

Individual contributors and lower level management account for nearly two thirds (60%) of highly targeted attacks within an organisation.

This is according to Proofpoint’s latest quarterly report, which analyses the employees and organisational departments which receive the highest number of targeted email attacks, and identifies techniques and tools used by their attackers.

Protecting People features insights from global threat data from April-June of this year, and this quarter’s findings reveal a substantial increase in targeted attacks across the board, including:

  • 25% increase in email fraud attacks from the previous quarter
  • 85% increase in email fraud attacks from the past year
  • 36% increase in the volume of malicious email from the previous quarter.

Who’s being attacked

With information on employees now becoming more widely and freely available, fraudsters can find multiple ways inside a work environment.

Proofpoint’s report shows that attackers target people at all levels.

From a group perspective, individual contributors and lower-level management account for about 60% of highly targeted malware and credential-phishing attacks.

Upper management accounted for 23.5% of targeted attacks, but given they represent a smaller proportion of the total workforce this suggests C-level executives, directors, department heads are targeted disproportionately more often.

Workers in operations and production functions, the bulk of a typical company’s workforce, are the most exposed, representing 23% of highly targeted attacks.

Management was the second-most exposed job function. Companies across all industries are targeted with email fraud, and most industries saw more attacks in the second quarter than in the previous three.

For the second straight quarter, real estate firms were the most targeted, with 67 fraudulent emails sent on average.

Some industries, like education, entertainment, and media companies, saw triple-digit increases from a year ago.

How they’re being attacked

Today’s cyber attacks target people: they trick workers into opening an unsafe attachment or clicking on a dubious web link, the report confirms most attacks used malicious URLs.

Email fraudsters are creative and use a range of techniques to trick recipients into opening the email and acting on it.

Some common techniques include creating subject lines which reference a file or document, in other cases cybercriminals succeed in using display-name spoofing, which is prevalent in 90% of targeted attacks. Additionally, social media attacks and support fraud are a growing concern for organisations. Commonly known as ‘angler phishing’, fraud occurs when an attacker creates a social media account designed to mimic customer support accounts of trusted brands.

When a customer asks for help on social media, the attacker sweeps in using the fake customer-support account (often before the real one even has a chance to respond.) 

Under the guise of helping, the attacker then sends the customer to a fake login site to steal credentials or asks for the credentials directly.

How to defend yourself and your company

As people continue to blindly trust email communication and fall victim to these threats, cybercriminals will continue to target high-risk users.

Effective protection cannot be a one-size-fits-all approach, businesses must consider a tailored defence strategy that caters for different targets within their organisation.

Proofpoint advises organisations take the following steps to prevent staff falling victim to highly-targeted attacks:

  • Train users to spot and report malicious email
  • Assume that users will eventually click some threats
  • Build a robust email fraud defence
  • Protect your brand reputation and customers in channels you do not own
  • Partner with a threat intelligence vendor

Cybersecurity remains a key concern for organisations, but no matter how well companies manage their IT infrastructure, attacks that target its people can’t be patched.

Human nature is the ultimate vulnerability. 

Protecting people starts with knowing who in an organisation is being attacked and why they might be targeted from their roles and the data they have access to.

Story image
Microsoft top targeted brand by cyber criminals in Q4 2020
In Q4, 43% of all brand phishing attempts related to Microsoft (up from 19% in Q3), as threat actors continued to try to capitalise on people working remotely during the COVID-19 pandemic’s second wave. More
Story image
Hornetsecurity acquires Altaro, the latest in acquisition spree
The move is a culmination of a medley of acquisitions made by Hornetsecurity recently, following the January 2019 acquisition of Spamina, a Spanish cloud email security company, as well as EveryCloud, its British market partner, in early 2020.More
Story image
Sophos Rapid Response puts out the ransomware fire
“Attackers are using a range of techniques and whichever defence has a weakness is how they get in. When one technique fails they move on to the next, until they find a weak spot."More
Story image
Online gaming a 'hotbed' for DDoS attacks — report
The latency and availability issues present in online gaming, in particular, presented an attractive target to attackers, in addition to the enduring popularity of gaming in the era of COVID-19.More
Story image
Sophos named a Numbering Authority in CVE programme
The programme, which runs an open data registry of vulnerabilities, enables programme stakeholders to correlate vulnerability information used to protect systems against attacks. More
Story image
Worldwide cybersecurity spending to increase 10% in 2021 — Canalys
This will contribute to a swelling of the valuation of the cybersecurity market, which is set to reach $60.2 billion this year.More