Thursday, 10 December 2015 13:58

Click happy users easily fooled in 2016


Cyber-criminals are moving away from malicious attachments to mobile applications and social media platforms. A random click to an infected web site is now all you need to be compromised.

That is according to Proofpoint, a global security-as-a-service vendor that delivers data protection solutions and currently serves more than 3,000 global enterprises (over half of the Fortune 100), universities and government agencies, and supports tens of millions of users.

The aggressive incorporation of social engineering techniques highlights the weakness of ‘the human factor’ in the attack chain. People are the targets in 2016: from email, web, social media, and mobile apps, attackers will develop campaigns and vectors that leverage the human factor to bypass increasingly sophisticated detection and response capabilities.

More than ever before, the ease of automating cyber-crime campaigns (off-the-shelf, ‘commodity’ tools), the use of machine learning to identify victims, the ability to rent a botnet by the hour, and a money-rich and robust underground cybercrime economy have driven a process of mass customization. This makes for huge malware payloads with the qualities of custom malware: undetectable by signature and reputation-based defenses, resistant to analysis, capable of stealthy data exfiltration and self-deletion, and able to download additional payloads and support lateral movement within the target organization. As a result, broad-based campaigns regularly employ delivery techniques, infection chains, and payloads that easily evade traditional defenses and remain undetected in the compromised organization for months or even years.

Kevin Epstein, vice president of Threat Operations at Proofpoint, said: “Next year we will see cybercriminals cast a wider net, move away from malicious document attachments and increasingly leverage emerging vectors such as mobile applications and social media platforms. Our six 2016 predictions all have one theme in common—cybercriminals are targeting the people behind devices and are looking to capitalize on their willingness to click.”

Its predictions are interesting. Some are new and some reinforce the message to be vigilant and take care as mobile – iOS and Android – are the new attack vectors in 2016. Read on for its predictions.

1. Cybercriminals will build on their 2015 successes by developing campaigns and exploiting vectors that target user willingness to click across email, social media and mobile applications

2. Attackers will look beyond PCs and other end-point devices and attack high-value financial infrastructure, ATMs, point of sale terminals, new EMV card readers, and payment portals

3. Malicious document attachment campaigns have disappeared almost entirely in the major markets. They will be replaced by a new type of high-volume campaign that combines effectiveness and scalability to target users – links to infected web sites

4. It detected thousands of fraudulent social media accounts that support malware distribution, knock-off product sales, pirated software and more - this trend is expected to spread across all verticals that make use of social media, to steal personal customer data, or organisation financial data

5. It says that more malware will be discovered on official app stores. Malware is being increasingly targeted at enterprises, where malicious behaviour will only activate once inside targeted enterprises, and will not trigger when run by consumers or app store vetting mechanisms

6. Businesses will be increasingly squeezed between the demands of data privacy and law enforcement. The momentum for data privacy and access will shift to the side of law enforcement and intelligence agencies – more bureaucracy and enforcement

It gives special mention to the darker side of social media. Its value is as a research tool. Proofpoint observed examples of attackers embracing social media as a targeting and delivery vector. Two major trends emerged, and Proofpoint predicts that these will dominate the social media security and management landscape in 2016:

Support account impersonation
Proofpoint Nexgate researchers increasingly see hackers, scammers and pranksters use fraudulent customer care accounts to phish credentials, steal personally identifiable information (PII) and compromise brand reputations. Bank account credential phishing is just the tip of the iceberg when it comes to fraudulent accounts: it has detected thousands of fraudulent social media accounts that support malware distribution, knock-off product sales, pirated software, and even brand pranks. It expects this threat to spread and target customers of businesses in any vertical that makes use of customer accounts, be it to reinforce loyalty or provide services.

Social mobs
Known primarily in the form of the phenomenon ‘Twitter shaming,’ in 2016 social mobs became a challenge for organizations of all sizes. Proofpoint Nexgate researchers are seeing companies of all types targeted with “social mob” attacks. These can be politically motivated, but they are as frequently simply protesting an action or position that the company has taken. These attacks are carried out across all social media, from Facebook and Twitter to even Instagram. As a result of social mob action, a company can receive overnight 25,000 or more negative or unrelated comments on social media, often simply copied and pasted from a central ringleader.

The good news for organizations is that the strength of social media is also its weakness: the ability to reach a large number of potential victims through a single social media account also makes it easier for organizations to mitigate the threat of social mobs and support account impersonation. With the assistance of purpose-built solutions for social media security and compliance, they can use countermeasures ranging from user controls and conversation management to account verification and even takedowns.

Have a great Xmas - with your shiny new malware magnet!

Ray Shaw

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!
