Threat Hub
The Proofpoint threat research team has access to the one of the largest, most diverse data sets in all of cybersecurity. We’re bringing you the highlights every week, right here at the Threat Hub.
The 2022 Social Engineering report explains how attackers exploit human behavior. And Lockbit ransomware gets into the bug bounty game.
This week on The Threat Hub: Zero-day vulnerabilities and clever exploits might make the headlines. But as our 2022 Social Engineering report shows, most cyber attacks succeed because of a few basic bugs in human behavior:
- We want to trust people when they say they're here to help us
- We worry about losing out when resources or time are limited
- We tend to defer to people who seem to have authority over us
The methods attackers use to exploit these bugs are called “social engineering,” and they are a component of the majority of threats seen by our researchers.
As people get better at identifying phishing attempts and other malicious emails, social engineering techniques have to evolve to keep up. In this new report, Proofpoint’s Threat Research team give the lowdown on the latest tactics and highlight some common misconceptions about how cyber criminals use our cognitive biases against us. The report explores how attackers build trust through lengthy conversations, how they capitalize on topical themes, and how they make use of trusted companies’ services to achieve their aims. The report is available to download as a PDF, and contains detailed examples from our data illustrating all of these techniques and more.
And on this week’s Five-Minute Forecast, FTC advises LGBTQ+ dating app users to be wary of extortion, Yodel deliveries disrupted by cyber attack in the U.K., and senior threat intelligence analyst Selena Larson discusses the latest social engineering strategies.
Finally, a quick programming note to say that we'll be taking a short break next week. Normal service will resume on July 13.
Threat actors target business functions based on the value of the information, systems and assets they manage. As this chart from Human Factor 2022 shows, departments dealing with money and people face a much higher risk of attack.
Get the reportEquip your team with threat intelligence
Go Deeper with our Premium Threat Info Service
Connect with threat analysts, understand threats with intelligence specific to your situation, and gain 24/7 visibility into the latest threat discoveries.
Learn MoreDrawing on insights and data from our products and researchers, the Human Factor tells the story of a year when cybersecurity jumped from the tech page to the front page. Our annual threat report explores user trends from our uniquely people-centric lens. See how vulnerabilities, attacks and privilege are transforming the threat landscape.
In 2021 the spotlight of global attention fell on cyber criminals like never before. In our first semiannual threat update, we explore new techniques and old tricks in a rundown of the year's biggest themes and schemes.
About The Threat Research Team
Our threat researchers are responsible for tracking shifts in the cybersecurity landscape, identifying new attacks as they emerge, and monitoring how threat actor tactics, techniques and procedures change over time. The threats they detect and the signatures they write feed into our platforms and are keystones in a system that analyzes more than 2.6 billion emails, 49 billion URLs and 1.9 billion attachments every single day.
By studying what cyber criminals are doing now, our threat researchers are better able to anticipate what they’ll do next. Every day, their work keeps our customers protected—not just from today’s attacks, but tomorrow’s threats as they evolve.
Browse the threat hub
Subscribe to the Proofpoint Blog