Cyber crooks are more interested in exploiting people, not software flaws, claims Proofpoint

Ransomware, phishing, cryptocurrency threats and cloud attacks all growing fast, warns security report

Cyber criminals are increasingly attempting to exploit people rather than software flaws when launching devastating attacks, according to a new study.

The annual Human Factor report, authored and released by cyber security firm Proofpoint, is intented to provide an insight into the latest trends hackers are utilising to steal money and information.

In 2017, the company analysed attack attempts made on 6,000 organisations across the world. The report highlights the continued rise of ransomware, phishing, cryptocurrency threats and cloud application breaches.

It found that email is still the attack vector of choice for criminals, with 30 per cent of clicks in malicious messages occurring within ten minute of delivery. Meanwhile, 50 per cent of them are made within an hour.

Hackers are tricking users into clicking on to malicious links through dropbox-related emails. Proofpoint described them as the "top lure" for phishing attacks.

Advanced persistent threat (APT) activity mainly affects government and defence firms, with these sectors making up 40 per cent of attack attempts. However, Proofpoint asserted that no industry is "exempt" from such attacks.

Last year, cryptocurrency campaigns continued to grow. The report found that 80 per cent of malicious emails contained ransomware and banking Trojans.

Overall, 80 per cent of companies experienced email fraud attacks. "The number of email fraud emails using language related to legal advice or practices in their subject lines increased by 1,850% year-over-year," said the firm.

The education, management consulting and media industries saw the most email attacks. On average, companies in these sectors were affected by 250 attacks.

Construction, manufacturing and technology firms were hit by the most phishing campaigns, with manufacturing, healthcare, and technology greatly affected by crimeware for financial gain.

The report found that 60 per cent of cloud service users have put themselves at risk of being compromised by not having a password policy or multi-factor authentication in place.

"Threat actors continue to find new ways to exploit our natural curiosity, desire to be helpful, love of a good bargain, and even our time constraints to convince us to click," said Kevin Epstein, vice president of Threat Operations for Proofpoint.

"Our research clearly shows that it's imperative to stop threats before they reach users over email, cloud applications, and social networks.

"Reducing initial exposure minimizes the chances that an organisation will experience a confidential data breach, business disruption, or direct financial loss."