Security Market Segment LS
Thursday, 10 December 2015 13:58

Click happy users easily fooled in 2016

By
Click happy users easily fooled in 2016 http://www.hoax-slayer.com/free-50-dollar-tim-cards-survey-scam.shtml

Cyber-criminals are moving away from malicious attachments to mobile applications and socila media platforms. A random click to an infected web site is now all you need to be compromised.

That is according to Proofpoint, a global security-as-a-service vendor that delivers data protection solutions and currently serves more than 3,000 global enterprises (over half of the Fortune 100), universities and government agencies, and supports tens of millions of users.

The aggressive incorporation of social engineering techniques highlights the weakness of ‘the human factor’ in the attack chain. People are the targets in 2016: from email, web, social media, and mobile apps, attackers will develop campaigns and vectors that leverage the human factor to bypass increasingly sophisticated detection and response capabilities.

More than ever before, the ease of automating cyber-crime campaigns (off-the-shelf, ‘commodity’ tools), the use of machine learning to identiify victims, rent a botnet by the hour, and a money rich and robust underground cybercrime economy have driven a process of mass customization. This makes for huge malware payloads with the qualities of custom malware that is undetectable by signature and reputation-based defenses, resistant to analysis, stealthy data exfiltration, self-deletion, and the ability to download additional payloads and support lateral movement within the target organization. As a result, broad-based campaigns regularly employ delivery techniques, infection chains, and payloads that easily evade traditional defenses and remain undetected in the compromised organization for months or even years.

Kevin Epstein, vice president of Threat Operations at Proofpoint said “Next year we will see cybercriminals cast a wider net, move away from malicious document attachments and increasingly leverage emerging vectors such as mobile applications and social media platforms. Our six 2016 predictions all have one theme in common—cybercriminals are targeting the people behind devices and are looking to capitalize on their willingness to click.”

Its predictions are interesting. Some are new and some reinforce the message to be vigilant and take care as mobile – iOS and Android – are the new attack vectors in 2016. Read on for its predictions.

1. Cybercriminals will build on their 2015 successes by developing campaigns and exploiting vectors that target user willingness to click across email, social media and mobile applications

2. Attackers will look beyond PCs and other end-point devices and attack high-value financial infrastructure, ATMs, point of sale terminals, new EMV card readers, and payment portals

3. Malicious document attachment campaigns have disappeared almost entirely in the major markets. They will be replaced by a new type of high-volume campaign that combines effectiveness and scalability to target users – links to infected web sites

4. It detected thousands of fraudulent social media accounts that support malware distribution, knock-off product sales, pirated software and more - this trend is expected to spread across all verticals that make use of social media, to steal personal customer data, or organisation financial data

5. It says that more malware will be discovered on official app stores. Malware is being increasingly targeted at enterprises, where malicious behaviour will only activate once inside targeted enterprises, and will not trigger when run by consumers or app store vetting mechanisms

6. Businesses will be increasingly squeezed between the demands of data privacy and law enforcement. The momentum for data privacy and access will shift to the side of law enforcement and intelligence agencies – more bureaucracy and enforcement

 It gives special mention to the darker side of social media. Its value is as a research tool. Proofpoint observed examples of attackers embracing social media as a targeting and delivery vector. Two major trends emerged, and Proofpoint predicts that these will dominate the social media security and management landscape in 2016:

Support account impersonation
Proofpoint Nexgate researchers increasingly see hackers, scammers and pranksters use fraudulent customer care accounts to phish credentials, steal personally identifiable information (PII) and compromise brand reputations. Bank account credential phishing is just the tip of the iceberg when it comes to fraudulent accounts: it has detected thousands of fraudulent social media accounts that support malware distribution, knock-off product sales, pirated software, and even brand pranks. It expects this threat to spread and target customers of businesses in any vertical that makes use of customer accounts, be it to reinforce loyalty or provide services.

Social mobs
Known primarily in the form of the phenomenon ‘Twitter shaming,’  in 2016 social mobs became a challenge for organizations of all sizes. Proofpoint Nexgate researchers are seeing companies of all types targeted with “social mob” attacks. These can be politically motivated, but they are as frequently simply protesting an action or position that the company has taken. These attacks are carried out across all social media, from Facebook and Twitter to even Instagram. As a result of social mob action, a company can receive overnight 25,000 or more negative or unrelated comments on social media, often simply copied and pasted from a central ringleader.

 The good news for organizations is that the strength of social media is also its weakness: that is, the ability to reach a large number of potential victims through a single social media account also makes it easier for organizations to mitigate – with the assistance of purpose-built solutions for social media security and compliance – the threat of social mobs and Support account impersonation through the use of countermeasures ranging from user controls and conversation management to account verification and even takedowns.

Have a great Xmas - with your shiny new malware magnet!

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Ray Shaw

joomla stats

Ray Shaw [email protected]  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments