Cybercriminals love to rely on human interaction to conduct broad range attacks
Many cybercriminals have been undertaken people-centered attacks by increasingly using social engineering rather than automated exploits even in web attacks.
Humans have will always be the best exploits in the eyes of hackers. The social engineering has become the most used attack method, for example almost all attached documents and URLs in malicious emails required human interaction.
Hackers are continuously finding new ways to trick victims into becoming their unwitting accomplices. Email is still the most popular attack vector followed close by the crypto-currency drove innovations in phishing and cybercrime.
Attacks that include both massive, multimillion-message malicious campaigns distributing malware such as ransomware and highly targeted assaults orchestrated by state-sponsored groups and financially motivated fraudsters have become a harsh and dangerous reality in the past two years
These global campaigns are broad-based or targeted; delivered via email, social media, the web, cloud apps, or other vectors; whether financial gain or national interests motivate them, the social engineering tactics used in these campaigns work time and time again. Victims clicked malicious links, downloaded unsafe files, installed malware, transferred funds, and disclosed sensitive information at scale.
A report shows that, in 2017, 95% of the web attacks used social engineering to trick users into installing malware, 55% of social media attacks used fake customer-support to target customers of financial services companies, and 35% of social media scams used links to take users to video streaming and movie download sites.
Network traffic of coin mining bots reached 90% between September and November, while ransomware and banking Trojans become responsible for more than 82% of all malicious email messages.
Manufacturing, healthcare, and technology firms were targeted the most by the hackers.
Banking Trojans were highly popular in Europe and Japan, accounting for 36% and 37% of all malicious. Furthermore, around 1% of all cloud service credentials have been leaked.
Remember that only the presence of antivirus for Windows or antivirus for Mac gives you the protection against hacker attacks. Also, remember that tests like penetration test and ethical hacking tests are now available for any company that wants to tighten their security.
Hackers are increasingly using cloud services that users are accustomed to receiving email notifications from to send malicious messages and host malware. While no significant cloud services avoided abuse, services such as G Suite and Evernote was used to send phishing emails and malware.
A study found out that North American employees tended to click at the beginning of the workday, at lunch, and the end of the workday. South America followed a similar pattern, but Australian employees were more likely to click in the morning.
Usually focused on high-profile targets, state-sponsored hackers and established cyber criminals switched to targeting smaller targets in 2017.
North Korea- affiliated Lazarus Group launched multistage attacks against individuals and point-of-sale (POS) infrastructure to steal cryptocurrency and consumer credit card data. The financially-motivated FIN7 started targeting individuals within restaurant chains using a new backdoor and malicious macros.
The Cobalt Group used new malware and document exploits in attacks against financial institutions and used anti-sandbox features to make detection more difficult.
Cryptocurrency phishing campaigns and identified sophisticated phishing templates were targeting wallets and exchanges, including one attack that used malicious Office documents to install a banking Trojan, are reaching hundreds of thousands of people in no time. For example in this January, the researchers discovered over 100,000 Bitcoin-related domains, some supposedly registered for nefarious purposes.
Social engineering is the heart of most attacks today.
To stay away from such threats, we recommend the install of antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your device is running.
If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests. Also, if your business exists 100% online, we recommend the use of cyber-secured web hosting services.