Human Factor 2023

The 2023 Human Factor Report Analyses Threats in the Cyber Attack Chain

Share with your network!

In the latest edition of our Human Factor report, launching today, we take our closest ever look at developments in the cyber attack chain. After two years of pandemic-induced disruption, many parts of the world have returned to something close to business as usual. And for cyber criminals, that means getting back to innovating, iterating and broadening their range of attacks.

Drawing on one of the largest data sets in cybersecurity and insights from our global team of researchers, Human Factor 2023 explores a year of extremes. Highly complex techniques became commoditised, but some of the biggest individual losses arose from nothing more than a friendly, persuasive conversation. As usual, we view all of this through a people-centric lens, looking at the social engineering tactics attackers used to undermine defences.

Here are a few key themes from this year’s report.

Microsoft mixes things up

After almost three decades as a popular malware distribution method, Office macros began to decline in use after Microsoft updated how its software handles files downloaded from the web. The changes have set off an ongoing flurry of experimentation by attackers to find alternatives.

Emotet is back on top

Law enforcement action took the prolific Emotet botnet offline for most of 2021. But last year the habitual volume leader roared back to top the charts once more, sending over 25 million messages. Despite this, Emotet's presence has been intermittent, with the group also showing signs of lethargy in adapting to the post-macro threat landscape. Whether they can keep their crown through 2023 remains to be seen.

SocGholish hits the big time

With a novel distribution method involving drive-by downloads and fake browser updates, SocGholish pushed into the top-five malware by message volume. Last year the group was able to infect some high-profile websites, meaning that large amounts of legitimate email linking to those sites put users at risk. 

Attackers get chatty

Conversational threats, which start with attackers sending seemingly harmless messages, surged last year. In some mobile verticals it was the year’s fastest-growing threat, seeing a twelvefold increase in volume. And speaking of conversations, telephone-oriented attack delivery (or TOAD for short) peaked at 13 million messages per month.

Multifactor Maladies

New phishing tools have emerged that allow attackers to bypass the multifactor authentication many organisations use to keep credentials secure. These techniques already account for hundreds of thousands of malicious messages each month.

Active Directory Anxiety

Even a single compromised account can leave organisations exposed to domain-wide ransomware and data theft. As many as 10% of endpoints have an unprotected privileged account password with 26% of those having domain admin privileges.

Get the full story

Every day, Proofpoint analyses billions of email messages, URLs and attachments for our global customer base. The Human Factor report draws on analysis of that data by our team of expert threat researchers. 

To read more of their insights, download the full report.