Proofpoint’s Annual Human Factor Report Reveals How 2020 Transformed Today’s Threat Landscape

Rhea-AI Summary

Proofpoint, Inc. (NASDAQ: PFPT) released its Human Factor 2021 report, highlighting critical cybersecurity threats from 2020. The report reveals over 48 million messages capable of initiating ransomware attacks. Credential phishing remains the most prevalent cyberattack, constituting two-thirds of malicious messages. Notably, attachment-based phishing is the most effective method with a 20% click rate. Other significant findings include a dramatic rise in steganography attacks, successful BEC fraud attempts exceeding $1 million each, and the use of Remote Access Trojans in one in four campaigns.

Positive

• Human Factor 2021 report identifies critical threats, aiding in the strategy development for cybersecurity.
• Reveals over 48 million malware messages, indicating a strong market need for cybersecurity solutions.

Negative

• Ransomware and phishing attacks remain high, posing ongoing threats to businesses.
• Sophisticated BEC scams led to significant financial losses with fake corporate acquisition schemes.

More than 48 million observed messages containing malware capable of downloading ransomware foreshadowed the risk of recent high-profile cyber attacks

SUNNYVALE, Calif., Aug. 04, 2021 (GLOBE NEWSWIRE) -- Proofpoint, Inc. (NASDAQ: PFPT), a leading cybersecurity and compliance company, today unveiled its annual Human Factor report, which provides a comprehensive examination of the three main facets of user risk—vulnerability, attacks, and privilege—and how the extraordinary events of 2020 transformed the current threat landscape. Human Factor 2021 draws on data and insight from a year’s worth of research, covering threats detected, mitigated, and resolved across one of the largest datasets in cybersecurity.

“Attackers don’t hack in, they log in, and people continue to be the most critical factor in today’s cyber attacks. The threat ecosystem has evolved over the past year, and this report explores how a people-centric approach to cybersecurity can reduce today’s risks,” said Ryan Kalember, EVP of cybersecurity strategy, Proofpoint. “In addition to troubling growth in volume and sophistication of ransomware and business email compromise (BEC) attacks, we discovered massive spikes in lesser-known methods like CAPTCHA techniques and steganography, which proved surprisingly effective.”

Every day, Proofpoint analyzes more than 2.2 billion email messages, 35 billion URLs, 200 million attachments, and 35 million cloud accounts. This report draws on analysis of that data throughout 2020 by our team of expert threat researchers and reveals risks and vulnerabilities that persist today:

• Ransomware was omnipresent, with more than 48 million messages containing malware capable of being used as an entry point for ransomware attacks. Email remains a crucial part of these attacks, serving as the route through which much of the first-stage malware used to download ransomware is distributed.
• Credential Phishing—both consumer and corporate—was by far the most common form of cyberattack, accounting for two-thirds of all malicious messages. This credential phishing leads to account compromise, from which other attacks like business email compromise (BEC) and data theft are launched.
• Of all Phishing methods (attachment, data, link), attachment proved the most successful, with an average of one in five users clicking—a higher rate than the other two combined.
• Increasingly elaborate BEC fraud attempts emerged. In one case, Proofpoint detected that a single threat actor (TA2520) used BEC to impersonate C-Level executives, instructing multiple email recipients to transfer sums of more than $1 million in the name of a phony corporate acquisition.
• Steganography was wildly successful, with more than 1 in 3 people targeted in such attack campaigns clicking the malicious email—the highest success rate of all attacks. Steganography is the technique of hiding malicious payloads within seemingly innocuous files like pictures and audio. After the hard-to-detect files land on users’ machines, they are decoded and activated.
• Attacks using CAPTCHA techniques garnered 50 times as many clicks as the year prior. Because people typically associate CAPTCHA challenges with anti-fraud measures while working from home, five percent clicked—a fiftyfold increase.
• Cyberthieves used Remote Access Trojans (RAT). In fact, nearly 1 in 4 email threat campaigns employed RAT software tools. For example, the volume of threats delivering Cobalt Strike—a commercial security tool that helps organizations probe for system weaknesses—jumped 161 percent.
• 1 in 4 attack campaigns used compressed executable files to hide malware. The method requires a user to interact with a malicious attachment like an Excel spreadsheet or PowerPoint slide deck to execute the payload.
  

To download Proofpoint’s Human Factor 2021 report, please visit: https://www.proofpoint.com/us/resources/threat-reports/human-factor.

For more information on creating a people-centric cybersecurity strategy, please visit: https://www.proofpoint.com/us/resources/white-papers/people-centric-cybersecurity-guide.

About Proofpoint, Inc.

Proofpoint, Inc. (NASDAQ: PFPT) is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyberattacks. Leading organizations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

PROOFPOINT MEDIA CONTACT:
Kristy Campbell
Proofpoint, Inc.
(408) 850-4142
kcampbell@proofpoint.com

FAQ

What were the main findings of the Proofpoint Human Factor 2021 report regarding ransomware?

The report revealed over 48 million messages with malware for ransomware attacks, highlighting email as a primary entry point.

What percentage of phishing attacks were due to credential phishing according to the report?

Credential phishing accounted for two-thirds of all malicious messages detected in 2020.

How effective were attachment-based phishing attacks in the report?

Attachment-based phishing had a click rate of 20%, making it the most successful form of phishing identified.

What is steganography and how successful was it as per the report?

Steganography involves hiding malicious content in innocuous files, and more than one in three targets clicked on such attacks.

What impact did Business Email Compromise (BEC) fraud have according to Proofpoint?

BEC scams involved impersonating executives for fraudulent transfers, with some attempts exceeding $1 million.