How Threat Actors Hijack Attention: The 2022 Social Engineer...| MENAFN.COM

Wednesday, 06 July 2022 01:57 GMT

How Threat Actors Hijack Attention: The 2022 Social Engineering Report


(MENAFN- BPG Group) Dubai, UAE, 23 June 2022:Cybersecurity researchers at Proofpoint, a leading cybersecurity and compliance company, havereleased “The 2022 Social Engineering Report”, which analyzes key trends and techniques of socially engineered cyber threats observed over the past year. Social engineering is a component of nearly every threat actor’s toolbox who uses email as an initial access vector. From financially motivated cybercrime, to business email compromise (BEC) fraud, to advanced persistent threat (APT) actors, Proofpoint has observed countless tactics, techniques, and procedures relying on humans’ fundamental propensity to open and respond to emails.

As people get better at identifying potential threats in their inbox, threat actors must evolve their methods. And that means leveraging behaviors that may be antithetical to how people expect threat actors to behave. With half of UAE CISOs considering human error to be their organization's biggest cyber vulnerability, security awareness education across the organization should be a priority.

Thelatest social engineering reporthighlights some common misconceptions people may have about how criminal or state actors engage with them, including: threat actors may build trust with intended victims by holding extended conversations; they expand abuse of effective tactics such as using trusted companies’ services; leverage orthogonal technologies, such as the telephone, in their attack chain; know of and make use of existing conversation threads between colleagues; and regularly leverage topical, timely, and socially relevant themes.
Sherrod DeGrippo, Vice President, Threat Research and Detection, Proofpoint, said: “Despite defenders’ best efforts, cybercriminals continue to defraud, extort, and ransom companies for billions of dollars annually. The struggle with threat actors evolves constantly, as they change tactics to earn clicks from end users.Security-focused decision makers have prioritized bolstering defenses around physical and cloud-based infrastructure which has led to human beings becoming the most relied upon entry point for compromise. As a result, a wide array of content and techniques continue to be developed to exploit human behaviors and interests.In this new report, Proofpoint researchers analyze frequently used social engineering techniques and look to debunk faulty assumptions made by organizations and security teams, which should be taken into account to better protect their employees against cybercrime.”

The 2022 Social Engineering report looks at what services are frequently abused, such as Google Drive or Discord; how Proofpoint sees millions of messages directing people to make phone calls as part of the attack chain; and why techniques like thread hijacking can be so effective.
The driving force behind the widespread use of social engineering is the fact that it is effective -- despite defenders’ best efforts, cybercriminals continue to be successful at exploiting the human element to recognize financial gain. This is unlikely to change any time soon. The most sophisticated criminal organizations have evolved to mirror legitimate businesses and as a result have scaled to become more resilient while also recognizing greater profits than ever before. Until some factor creates a situation where the path of least resistance to monetization is not a person, threat actors will continue to capitalize by preying on human behaviors, instincts, and emotions.

Organizations must ingrain in their users the idea that malicious activity is regular, even inevitable. As this becomes more widely accepted and reporting/clearing pipelines for threats become more well-established within workflows, threat actors should have a progressively more difficult task in exploiting the human element.


MENAFN23062022002926011751ID1104420707


BPG Group

Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.