Cybersecurity firm, Proofpoint, released a new report that focuses on the human factor in cybersecurity attacks.
The results show that users continue to be the key for most malicious attacks, those involving ransomware and business email compromise (BEC).
Researchers examined over two billion emails, 35 billion URLs, 200 million attachments, and 35 million cloud accounts from last year to better understand cyberattacks that specifically target the user.
According to the report, about 66 percent of malicious emails employed consumer and corporate credential phishing techniques, which is a starting point for BEC and data theft activities.
Email is still a predominant device to deliver ransomware, with 48 million messages containing malware. One quarter of all malware campaigns concealed compressed executable files in emails, which require the user to open the attachment to launch the malware. In fact, attachments turned out to be the most successful form of phishing attack, with an average of 20 percent of users clicking on the attachment.
Researchers also found that cybercriminals are increasing their use of compromised CAPTCHA, a visual puzzle that differentiates humans from computers. Although still only representing a five percent response rate, attacks that incorporated CAPTCHA had 50 times the number of clicks as 2019. Because users typically identify CAPTCHA as a security measure, they can be easily fooled.
Cybersecurity experts express concern, as cybercriminals are both increasing the volume of cyber attacks as well as improving their sophistication. D. Howard Kass "Report: Cyberattacks Typically Exploit Personal Log-ins to Launch Malicious Code" www.msspalert.com (Aug. 15, 2021).