Security Market Segment LS
Thursday, 10 December 2015 13:58

Click happy users easily fooled in 2016

Click happy users easily fooled in 2016

Cyber-criminals are moving away from malicious attachments to mobile applications and socila media platforms. A random click to an infected web site is now all you need to be compromised.

That is according to Proofpoint, a global security-as-a-service vendor that delivers data protection solutions and currently serves more than 3,000 global enterprises (over half of the Fortune 100), universities and government agencies, and supports tens of millions of users.

The aggressive incorporation of social engineering techniques highlights the weakness of ‘the human factor’ in the attack chain. People are the targets in 2016: from email, web, social media, and mobile apps, attackers will develop campaigns and vectors that leverage the human factor to bypass increasingly sophisticated detection and response capabilities.

More than ever before, the ease of automating cyber-crime campaigns (off-the-shelf, ‘commodity’ tools), the use of machine learning to identiify victims, rent a botnet by the hour, and a money rich and robust underground cybercrime economy have driven a process of mass customization. This makes for huge malware payloads with the qualities of custom malware that is undetectable by signature and reputation-based defenses, resistant to analysis, stealthy data exfiltration, self-deletion, and the ability to download additional payloads and support lateral movement within the target organization. As a result, broad-based campaigns regularly employ delivery techniques, infection chains, and payloads that easily evade traditional defenses and remain undetected in the compromised organization for months or even years.

Kevin Epstein, vice president of Threat Operations at Proofpoint said “Next year we will see cybercriminals cast a wider net, move away from malicious document attachments and increasingly leverage emerging vectors such as mobile applications and social media platforms. Our six 2016 predictions all have one theme in common—cybercriminals are targeting the people behind devices and are looking to capitalize on their willingness to click.”

Its predictions are interesting. Some are new and some reinforce the message to be vigilant and take care as mobile – iOS and Android – are the new attack vectors in 2016. Read on for its predictions.

1. Cybercriminals will build on their 2015 successes by developing campaigns and exploiting vectors that target user willingness to click across email, social media and mobile applications

2. Attackers will look beyond PCs and other end-point devices and attack high-value financial infrastructure, ATMs, point of sale terminals, new EMV card readers, and payment portals

3. Malicious document attachment campaigns have disappeared almost entirely in the major markets. They will be replaced by a new type of high-volume campaign that combines effectiveness and scalability to target users – links to infected web sites

4. It detected thousands of fraudulent social media accounts that support malware distribution, knock-off product sales, pirated software and more - this trend is expected to spread across all verticals that make use of social media, to steal personal customer data, or organisation financial data

5. It says that more malware will be discovered on official app stores. Malware is being increasingly targeted at enterprises, where malicious behaviour will only activate once inside targeted enterprises, and will not trigger when run by consumers or app store vetting mechanisms

6. Businesses will be increasingly squeezed between the demands of data privacy and law enforcement. The momentum for data privacy and access will shift to the side of law enforcement and intelligence agencies – more bureaucracy and enforcement

 It gives special mention to the darker side of social media. Its value is as a research tool. Proofpoint observed examples of attackers embracing social media as a targeting and delivery vector. Two major trends emerged, and Proofpoint predicts that these will dominate the social media security and management landscape in 2016:

Support account impersonation
Proofpoint Nexgate researchers increasingly see hackers, scammers and pranksters use fraudulent customer care accounts to phish credentials, steal personally identifiable information (PII) and compromise brand reputations. Bank account credential phishing is just the tip of the iceberg when it comes to fraudulent accounts: it has detected thousands of fraudulent social media accounts that support malware distribution, knock-off product sales, pirated software, and even brand pranks. It expects this threat to spread and target customers of businesses in any vertical that makes use of customer accounts, be it to reinforce loyalty or provide services.

Social mobs
Known primarily in the form of the phenomenon ‘Twitter shaming,’  in 2016 social mobs became a challenge for organizations of all sizes. Proofpoint Nexgate researchers are seeing companies of all types targeted with “social mob” attacks. These can be politically motivated, but they are as frequently simply protesting an action or position that the company has taken. These attacks are carried out across all social media, from Facebook and Twitter to even Instagram. As a result of social mob action, a company can receive overnight 25,000 or more negative or unrelated comments on social media, often simply copied and pasted from a central ringleader.

 The good news for organizations is that the strength of social media is also its weakness: that is, the ability to reach a large number of potential victims through a single social media account also makes it easier for organizations to mitigate – with the assistance of purpose-built solutions for social media security and compliance – the threat of social mobs and Support account impersonation through the use of countermeasures ranging from user controls and conversation management to account verification and even takedowns.

Have a great Xmas - with your shiny new malware magnet!

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Ray Shaw

joomla stats

Ray Shaw  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News