Hackers target people more often than infrastructure.
For example, last year, from all emails found distributing malware 99% of them did require human interaction to click links, open documents, accept security warnings, or complete other tasks to effectively compromise a company.
Meaning that even when hackers are targeting companies they focus on people, their roles, and data they can access.
2019 human factor report found an increasing sophistication and prevalence of social engineering across businesses as hackers design more and more well-crafted business email compromise schemes and domain fraud.
The credential-stealing remains a hackers’ strong focus, in order to achieve these many techniques are used: from Microsoft Office 365 phishing schemes to DocuSign, and Microsoft cloud lures.
Don’t think for a second that hackers are uninformed, in fact, they are one of the most prepared people when it comes to cyberworld knowledge. Now it is known to them, that companies are moving to the cloud and if employees see something that looks familiar, they’ll click it, even if the sender is unfamiliar. People are used to seeing Office 365 and Dropbox links; the instinct to click precedes the instinct to think twice.
Education, for example, receives a disproportionate number of “Request” and “Greeting” emails, while attacks on engineering firms typically use “Urgent” and “Request” in the subject line.
Remember everything can be hacked. Therefore, you are strongly advised to always keep a good antivirus app on your Mac, like Antivirus CB from AppStore, on every device that you own. This can detect and block such malicious activities before they can infect your device.
The use of this emails is to plant a malware that can sit on a victim’s computer and remain there for several days or months without triggering any red flags because in many cases the malware is a sophisticated backdoor which is used to collect as much data as it can.
The report also highlights that the Carbanak hackers group uses lures and well-crafted file attachments to distribute multiple strains of malware. One of their campaigns included an email, with a file attached, that claimed to be protected with security technology. Instructions to “decrypt” the file enabled macros and installed the Griffon backdoor.
Are you a valuable target?
Hackers are targeting a variety of people. The most attacked are people who are much more readily available. For example, hackers do not target C-level executives, who generally keep their online identities hidden. They target salespeople, marketing teams, and human resources professionals, many of whom have publicly available emails.
The most targeted people are those who have their identities published online via corporate websites, social media, or other sites.
Hackers are finding success in using more than five spoofed identities to target more than five individuals in each organization. They spoof the identities of several executives or senior managers while sending a malicious file to employees.
We would continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber-attacks. Remember to use antivirus for Mac like Antivirus CB which can be found on AppStore to try for free.