the human factor 2017: malicious emails exploit people, not code

1

Download the complete report proofpoint.com/humanfactor @Customer Service How may I help you? From: the CEO The Human Factor 2017 SUN MON TUES WED THUR FRI SAT Nearly 50% of clicks occur within an hour 25% of clicks occur in just ten minutes Malicious emails exploit people, not code. Here are the top techniques cyber criminals used in 2016 to trick users into engaging with malicious emails and social media posts. Fraudulent mobile apps trick users. Malicious apps feature stolen branding and misleading names to convince users to download malware. business email compromise (BEC) attacks are rising. BEC message volume rose from 1% in 2015 to 42% by the end of 2016. Social media account phishing trends up. Social media account phishing increased 150% in 2016. Malware categories vary distribution by day. Ransomware campaigns favor Tuesday through Thursday. Time is money. 87% of clicks on malicious URLs occur within first 24 hours of delivery Attacks peak mid-day. Clicks peak 4-5 hours after the start of the business day: that is, right around lunchtime. More mobile phones meanS more risk. 42% of clicks on malicious URLs were made from mobile devices, double last year's rate of 20%.

Upload: proofpoint

Post on 21-Jan-2018

2.741 views

Category:

Technology

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: The Human Factor 2017: Malicious emails exploit people, not code

Download the complete reportproofpoint.com/humanfactor

@Cu

stom

er S

ervi

ce

How

may

I he

lp y

ou?

From: the CEO

TheHuman Factor 2017

SUN MON TUES WED THUR FRI SAT

Nearly 50% of clicks occur within an hour

25% of clicks occur in just ten minutes

Malicious emails exploit people, not code.

Here are the top techniques cyber criminals used in 2016 to trick users into engaging with malicious emails and social media posts.

Fraudulent mobile apps trick users.

Malicious apps feature stolen branding and misleading names to convince

users to download malware.

business email compromise (BEC) attacks are rising.

BEC message volume rose from 1% in 2015 to 42% by the end of 2016.

Social media account phishing trends up.

Social media account phishing increased 150% in 2016.

Malware categories vary distribution by day.

Ransomware campaigns favor Tuesday through Thursday.

Time is money. 87% of clicks on malicious URLs

occur within first 24 hours of delivery

Attacks peak mid-day. Clicks peak 4-5 hours after the start of the business day: that is, right around lunchtime.

More mobile phones meanS more risk.

42% of clicks on malicious URLs were made from mobile devices,

double last year's rate of 20%.

proofpoint.com/humanfactor

How To Protect Yourself Against Malicious Emails

Cisco 2014 Annual Security Reportdls.generation-nt.com/C/Cisco_2014_ASR.pdf · stealthy, hide-in-plain-sight infiltrations that execute in minutes, malicious actors continue to exploit

Email attachments - Isle of Man Government€¦ · Clicking links/URLs in phishing emails can put you at risk of being infected by malicious software (malware). These emails will

Malicious Code as Weapon Malicious Code as Weapon

지금 이순간 우리조직의 건강상태는(윤삼수)fireeyeday.com/1604/pdf/Track_1_1.pdf · FireEye recently identified several malicious documents in the wild that exploit

Taxonomy of Malicious Programs Malicious Softwareabc/teaching/bbs677/slides/Malware_4.pdf · Taxonomy of Malicious Programs Needs Host Program Independent Programs Malicious Trapdoors

e d i t i o n · Script-Based Attack Protection Detects attacks by malicious scripts that try to exploit Windows PowerShell. Also detects malicious JavaScripts that can attack via

HIPAA Report - AlienVault · Exploitation & Installation — Malicious website - Exploit Kit — Angler EK 8 Exploitation & Installation — Malicious website - Exploit Kit — GoonEK

The Malicious Exploit Analysis. ... - Rahul Sasi - Static...requirement for automated exploit analysis and filtering document file formats. ! This talk would be on intelligent automated

Hardening Microsoft Windows 10 version 1709 Workstations · 1 Introduction Workstations are often targeted by an adversary using malicious webpages, emails with malicious attachments

ICC CYBER SECURITY GUIDE FOR BUSINESS · 1 Examples of external cyber security threats which are increasing are malicious software (such as Intrusion software, code injection, exploit

THE PITFALLS OF LEGACY TECHNOLOGY...in Industrial Programming,” we reveal previously unknown design flaws that threat actors could exploit to hide malicious functionalities in robots

Protecting Your Critical AssetsMar 06, 2010 · 3. The user’s browser downloaded and executed the malicious JavaScript, which included a zero-day Internet Explorer exploit. 4. The

SYMANTEC INTELLIGENCE REPORT NOVEMBER … Intelligence Report 3 Summary ... likely to be targeted by malicious email in the month of November, where one in 93.7 emails was malicious

Malware - cs.stevens.edu · Where does Malware come from? Malicious scripts on websites that exploit security holes in browsers (Exploits) Security vulnerabilities in operating systems

Fermilab Computing by the numberscomputing.fnal.gov/wp-content/uploads/CCDFunFacts.pdf · 2017. 8. 25. · More than one million spam emails are caught every month; 8,000 malicious

SECURITY CHALLENGES FOR BANKS - Accenture...where parties may exploit vulnerabilities to launch malicious attacks—the device, network and data center. Figure 1. The Mobile Attack

Layered Network Security · PDF file · 2017-07-24malvertisement or malicious link Exploit occurs Communication back to malicious infrastructure User’s files become encrypted and

ACM Winter School NISER, Bhuvaneshwarsmishra/event/acmws2019/... · 2019-12-17 · Exploit - a software designed to take advantage of a flaw in a computer system, typically for malicious

An Online Malicious Spam Email Detection System Using ... · The objective of this paper is to detect the malicious spam emails so that general users can be protected from being re-directed

The OWASP Foundation Risks of Insecure Communication High likelihood of attack Open wifi, munipical wifi, malicious ISP Easy to exploit

Towards Detecting Anomalous User Behavior in Online … · Abstract Users increasingly ... by using malicious crowdsourcing services that exploit ... pends on the application. In

UNITED STATES SECURITIES AND EXCHANGE COMMISSION … · 2019. 5. 1. · include sophisticated malware (viruses, worms, and other malicious software programs) and phishing emails that

Detecting Malicious Exploit Kits using Tree-based ... · Detecting Malicious Exploit Kits using Tree-based Similarity Searches Teryl Taylory, Xin Huz, Ting Wang, Jiyong Jang z, Marc

Protect Yourself Against Ransomware · software to be installed on a victim’s device is through phishing emails, malicious adverts on websites, and questionable apps and programs

Application Security INF3510 – Malicious Software Information … · installing and starting malicious programs from a website Direct attacks from the network, which e.g. exploit

9 BAD HABITS MALICIOUS EMAILS LOVE€¦ · email created to hack the human brain and dupe a professional (or nonprofessional) into dropping standard security protocols and procedures

Pattern-Based Design of Insider Threat Programs · Pattern-Based Design of Insider Threat Programs ... has revealed that malicious insiders exploit business process ... Pattern-Based

Malicious Emails - clearviewtech.net · 1.Identify the Sender [email protected] [email protected] This is the most important portion of an email address: the portion after

COVID-19 (Coronavirus) Phishing Scams · sending phishing emails that look like legitimate awareness training or refunds for event cancellations. Falling for one of these malicious

ARTICLE Securing Digital Transformation: Top 5 Do’s and Don’ts...accidentally click on a malicious link, open phishing emails or leak business-critical information unknowingly

DeepPhish: Simulating Malicious AI - albahnsen.com · with the attacker, these responses to scamming emails contain a link that traces the geographical location. Even if this project

Malicious Emails - Sperry Rail IT Support

EKHunter: A Counter-Offensive Toolkit for Exploit Kit ... · 9/3/2017 · Feb 09, 2015, San Diego, CA. EKHunter NDSS'15 2 Exploit Kits malicious toolkits used ... (Microsoft Security

WRITING EMAILS – EMAILS SCHREIBEN€¦ · WRITING EMAILS – EMAILS SCHREIBEN WRITING SUCCESSFUL AND EFFECTIVE EMAILS – ERFOLGREICHE UND EFFEKTIVE EMAILS SCHREIBEN Here is a checklist