1(630)802-8605 Ravi.das@bn-inc.net

When one thinks of Cyberattacks, the first image that comes to mind is the hacker trying to break through the walls of defense at a business or a corporation and trying to find all that Personal Identifiable Information (PII) that can be covertly hijacked. 

Of course, the intention of this is to ultimately steal money from the unsuspecting victims, or even steal their respective identities for subsequent attacks down the road.

In other words, we very often have the view that the Cyberattacker is doing all this work; that he or she is not getting help or any kind of intervention, except for the hacking tools that they are using.  But if you think about this a bit deeper, the Cyberattacker is getting help in launching their attacks.  But from whom?  Who is this person or entity?  Well, the answer to that question is us, the victim!!!

This finding has substantiated by a recent survey that was conducted by a Cybersecurity company known as “The Human Factor Report”.  Here are some of the key findings from this research:

*More than 99% of the threat vectors that have been launched against Corporate America required some sort of human involvement at the very last stages.  For example, this includes using a few clicks of the mouse in order to execute a macro, open a malicious file, following a link to a spoofed website, or evening opening a Word document that has a malicious payload from within it.

*Most of the threat vectors remain that of Phishing.  Although it is amongst the oldest form of a threat vector, it is still widely used with the many new variants that are coming out from it.  A prime example of this includes Microsoft – nearly 25% of the Phishing attacks were targeted towards this product line, especially the O365 Suite.  Also included in this were Azure and Docusign.

*The Cyberattacker of today is using more than five identities or five “personalities” when they launch their Phishing attacks.  Of course, the more hijacked identities that the hacker has, the more passwords he or she can steal.

*Trojan Horses are still very widely used in terms of a malicious payload that can be deployed.

*The common target for a Phishing attack remains that of the “Very Attacked People”, or “VAP” for short.  These are the lower level titles in a business or a corporation that would have access to company funds, etc.

*The Cyberattacker is trying to mimic as much as possible the normal flow of Email traffic that an organization receives daily.  For example, Phishing Emails are not sent on weekends, but primarily at the beginning of the week, particularly on Mondays.  This trend has been observed to continue onto Tuesdays and Wednesdays as well but tapers off dramatically as the week comes to an end.

*The Cyberattacker is also trying to mimic the click times of their victims.  For instance, the survey found that most employees in Corporate American open their Emails earlier in the day; whereas their European counterparts open their Emails later in the afternoon.

*The study also discovered that the engineering, automotive, and education industries are the most sought after by the Cyberattacker.  On average, businesses in these sectors have been hit on average at least 75 times by Phishing attacks.

My Thoughts on This

The results from this study are not too alarming, in my opinion.  As mentioned, many times, Phishing remains probably the most popular threat vector for the Cyberattacker.  Why is this so?  Well, it is a proven and established attack tools, and in the mind of the Cyberattacker, it is not too difficult to come up with new variants. 

For instance, they can communicate very easily with the other hacking groups on the Dark Web can make a spoofed website look extremely authentic.

I am also not surprised to see the Microsoft product line at the top of the list for a favored attack.  Even to this day, there are many flaws and vulnerabilities that are associated with it, especially when it comes to Word and Excel.  Even more notorious (and not mentioned here) is that of Outlook. 

It too is a very much favored target.  Compounding this problem even more is the fact that many of the patch upgrades that Microsoft releases on their “Patch Tuesdays” (which occur on the second Tuesday of every month) even have flaws in them as well.

But, one trend that I was kind of surprised to read about is that the Cyberattacker is not targeting the C-Suite as much now – rather they are targeting the administrative assistants that have direct access to the crown jewels of the organization.  And that is the financial coffers. 

In this instance, hackers may not send an Email directly, but rather place a call and use various Social Engineering principles in order to lure their bait.  The attacks against the C-Suite are known as a “Business Email Compromise”, or “BEC” for short.  I have not seen too many attacks lately in this regard.

Keep in mind also that the Cyberattacker wants to follow the mainstream when it comes to sending out Emails.  The primary reason for this is that they do not want to become an outlier that can be picked by any Network Security tool.  That is why you are seeing them deliver their Emails at the beginning of the week as opposed to later, and earlier in the morning as well.

The education industry will continue to be a top target for the Cyberattacker.  In fact, I wrote a blog posting just recently about how college students here in the United States are being lured with sophisticated Phishing Emails.  One of the reasons why this sector is such a top target is that colleges and universities try to maintain a sense of openness and collaboration amongst faculty and students.  As a result, this creates an open vacuum for the Cyberattacker to easily penetrate into.

So, in the end, it is not really the Cyberattacker going straight after the gusto – they are getting help to get what they want, and that is coming from the unsuspecting victim.  Remember, humans are very often called the weakest in the security chain – but they don’t have to be. 

In these cases, they can be both the first line as well as the very last lines of defense, provided that are receiving adequate training and are motivated to maintain good levels of “Cyber Hygiene.”

Finally, more details about this survey can be seen here:

https://www.proofpoint.com/us/resources/threat-reports/human-factor