Story image

48 million malware messages: Proofpoint reveals the reality of today's threat landscape

By Catherine Knowles, 05 Aug 2021

2020 proved to be a significant year for cyber threats and attacks. In fact, Proofpoint’s latest Human Factor report reveals the reality of millions of ransomware-loaded emails, malicious threat actors and new sophisticated attack methods.

Proofpoint’s Human Factor 2021 draws on data and insight from a year’s worth of research, covering threats detected, mitigated, and resolved across one of the largest datasets in cybersecurity.

Every day, Proofpoint analyses more than 2.2 billion email messages, 35 billion URLs, 200 million attachments, and 35 million cloud accounts.

The company's recently released report draws on analysis of that data throughout 2020 by our team of expert threat researchers and reveals risks and vulnerabilities that persist today.

The report finds that in 2020 ransomware was omnipresent, with more than 48 million messages containing malware capable of being used as an entry point for ransomware attacks.

Email remains a crucial part of these attacks, serving as the route through which much of the first-stage malware used to download ransomware is distributed. the researchers state.

Credential phishing, both consumer and corporate, was by far the most common form of cyber attack, accounting for two-thirds of all malicious messages.

This credential phishing leads to account compromise, from which other attacks like business email compromise (BEC) and data theft are launched.

Of all phishing methods (attachment, data, link), attachment proved the most successful, with an average of one in five users clicking at a higher rate than the other two combined, the report finds.

Increasingly elaborate BEC fraud attempts emerged. In one case, Proofpoint detected that a single threat actor (TA2520) used BEC to impersonate C-Level executives, instructing multiple email recipients to transfer sums of more than $1 million in the name of a fake corporate acquisition.

Steganography was found to be wildly successful, with more than 1 in 3 people targeted in such attack campaigns clicking the malicious email, the highest success rate of all attacks.

Steganography is the technique of hiding malicious payloads within seemingly innocuous files like pictures and audio. After the hard-to-detect files land on users machines, they are decoded and activated.

Attacks using CAPTCHA techniques garnered 50 times as many clicks as the year prior. Because people typically associate CAPTCHA challenges with anti-fraud measures while working from home, 5% clicked, a fifty fold increase.

Cyber thieves used remote access trojans (RAT) frequently in 2020. In fact, nearly 1 in 4 email threat campaigns employed RAT software tools.

For example, the volume of threats delivering Cobalt Strike a commercial security tool that helps organisations probe for system weaknesses jumped 161%. 1 in 4 attack campaigns used compressed executable files to hide malware.

The method requires a user to interact with a malicious attachment like an Excel spreadsheet or PowerPoint slide deck to execute the payload.

Proofpoint EVP of cybersecurity strategy Ryan Kalember says, “Attackers don’t hack in, they log in, and people continue to be the most critical factor in today’s cyber attacks.

"The threat ecosystem has evolved over the past year, and this report explores how a people-centric approach to cybersecurity can reduce today’s risks.

"In addition to troubling growth in volume and sophistication of ransomware and business email compromise (BEC) attacks, we discovered massive spikes in lesser-known methods like CAPTCHA techniques and steganography, which proved surprisingly effective.”

Recent stories
More stories