The Proofpoint Threat Report examines threats, trends, and transformations that Proofpoint researchers observe in the threat landscape. The Threat Report for the quarter covering the July-September 2015 timeframe shows that cybercriminals did not take the summer off. The top findings of Proofpoint research for the quarter include:
- Campaigns distributing the Dridex banking Trojan dwarfed other malware payloads in volume, and continued to innovate with adaptations in attachment formats, document templates, obfuscation, and other infection techniques.
- The September pause in Dridex activity demonstrated the speed with which threat actors can adapt and change payloads and delivery methods.
- Threat actors behind highly targeted attacks continue to leverage email as the preferred vector for gaining a foothold in their targeted organizations. In particular, the continued increase in phishing activity known as “Business Email Compromise” (BEC), also referred to as “wire transfer fraud,” reached a level sufficient to provoke a warning from the FBI to organizations about this threat.
- Angler dominated the exploit kit (EK) landscape, with only four others (Neutrino, Nuclear, Magnitude, and RIG) accounting for most of the remaining EK activity. However, new exploit kits continue to enter the space and integrate the most recent exploits, creating more options for threat actors and a wider variety of threats confronting organizations.
- Fraudulent social media account activity has become a major risk for organizations and individuals, as attackers aggressively embrace techniques for hijacking customer support conversations to steal personal and financial information.
- Data breaches dominated the headlines in the information security world in Q3, with multiple high-profile breaches exposing not only highly sensitive personal information of up to 35 million individuals, but also details of several previously undisclosed zero-day exploits that quickly made their way into exploit kits and other threat actor tools.
Organizations need to take action to defend themselves against this wide range of threats; immediate actions include:
- Adopt advanced threat solutions to identify and block targeted attacks that travel over email, the #1 threat vector.
- Deploy automated incident response capabilities to rapidly identify and mitigate infections, including detecting and blocking command and control (C2) communication of infected systems.
- Patch client systems for all known operating system and application vulnerabilities to protect against aggressive exploit kits that reach clients via email, malvertising, and drive-by downloads.
- Update both email gateway rules and internal financial controls in order to improve resistance against wire transfer fraud scams.
- Police social media activity for potentially fraudulent accounts that can hijack conversations with customers and steal personal and financial information.