Cyber-criminals have upped their efforts in response to widespread disruption and remote teams, attacking businesses with a variety of threats new and old. Whatever the technique, the majority of attacks had one thing in common: they were all directed against people rather than infrastructure.
Even though the world is already halfway through 2021, the events of 2020 will continue to reverberate in the cybersecurity sector for some time.
Last year, ransomware attacks climbed dramatically, with email still being a prominent point of entry. Meanwhile, credential phishing, another people-focused threat, was the most common type of attack, accounting for the majority of all malicious messages. Increasingly complex business email compromise (BEC) attacks have also evolved on the threat landscape.
There were also some new pretenders. Steganography, for example, the technique of disguising malicious payloads in images and audio files, was also very successful.
Let’s take a look at some of the most common forms of people-focused attacks right now and what businesses can do to safeguard themselves.
Ransomware threat on the rise
Ransomware attacks increased 300 percent last year, according to Proofpoint’s “The Human Factor 2021” report, and in 2021, they have already hit some high-profile targets that have dominated global news headlines for weeks.
Today’s ransomware onslaught appears to be a little different. Where malware payloads used to arrive in the email, they now frequently appear as two-stage attacks.
However, because email is still a significant point of entry, this is still very much an attack on the staff. Today, the email contains first-stage malware that serves as a backdoor for a second payload, which is typically transmitted via virtual private network (VPN) connections and remote desktop protocol (RDP).
Because phishing and spam email are still the most common ways for ransomware to spread, it’s critical that all companies prioritize mailbox security with enhanced filtering and threat detection. Before they reach the user, the solution should detect and quarantine harmful attachments, documents, and URLs.
Business email compromise (BEC) attacks
BEC is not a new concept. It was already on the FBI’s radar in 2016, when it was believed to have cost global firms roughly US$3.1 billion. According to the Proofpoint report, it was responsible for 44 percent of all cybercrime losses last year, costing victims about US$2 billion in reported losses.
This sharp rise in estimated losses is symptomatic of a larger trend. Attacks are getting more focused — and targeting better returns — rather than increasing in volume.
In more sophisticated attacks, threat actors spoof C-level domain names to instruct victims to send large sums of money. Such an attack only needs to work once to be highly profitable.
Visibility is required to combat payload-less threats like BEC. To train machine-learning models to correctly detect and block dangerous messages without misidentifying and blocking good messages, a large and deep set of data as well as human threat expertise is required. To combat targeted email fraud attempts as they evolve, companies should look for a system that combines machine learning with vast threat data and threat analyst expertise.
Steganography in the modern attack landscape
Although steganography is not a particularly popular attack in terms of volume, it is unrivalled in terms of effectiveness.
Steganography attacks cannot be detected with the naked eye since payloads are buried in plain sight in JPEGs, .wav files, and other similar files. To address this, comprehensive analysis tools must be used to analyse messages for abnormal and malicious data. And, of course, users must be aware and cautious.
The need for a people-centric security culture
People must be at the centre of any effective defense, just as they are at the centre of these more common attacks. A multi-pronged strategy is now required for a strong cybersecurity posture – one that incorporates people, processes, and technical safeguards.
Security is a shared responsibility. People at all levels within the company should be enabled to understand security and the dangerous behaviours that might lead to breaches. Training and awareness initiatives are essential, but there is no one-size-fits-all solution. Companies must ensure that their program is designed with the user in mind, making it relevant to both their working and personal lives.