The most common route for malware infections remains social engineering in its various forms: phishing, vishing, etc. Such approaches take advantage of users’ deliberately cultivated willingness to trust communications they receive and to follow the instructions and links such malicious communications carry.
Netskope’s most recent quarterly report on malware observes, “Social engineering as a whole continues to dominate as a leading malware infiltration technique with attackers abusing not only search engines, but email, collaboration apps, and chat apps to trick their victims.” What are the payloads being delivered in these attacks? “As the top two malware types, Trojans accounted for 60% of malware downloads in Q1 and phishing downloads accounted for 13%.”
One interesting, low-key component of social engineering campaigns is the careful use of search engine results. “Netskope uncovered that nearly 10% of all malware downloads in Q1 were referred from search engines.” Attackers are exploiting “data voids” to bring their malicious results to the top of users’ searches. “These downloads mostly resulted from weaponized data voids or combinations of search terms that have very few results, which means that any content matching those terms is likely to appear very high in the search results. This represents just one of many social engineering techniques that attackers are accelerating.”
The malicious downloads have become increasingly difficult to screen out by technical means. "Job number one for attackers is finding new ways to cover their tracks as enterprises put more resources into threat detection, but these findings indicate just how easy it still is for attackers to do so in plain sight," said Ray Canzanese, Threat Research Director, Netskope Threat Labs. "As attackers gravitate towards cloud services that are widely used in the enterprise and leverage popular channels to communicate, cross-functional risk mitigation is more necessary than ever."
Human error and simple user mistakes remain the principal risk to an enterprise facing cyber attacks. Tactics don’t remain static, but rather evolve to take advantage of unfamiliar approaches. Training needs to evolve with, or stay ahead of, the tactics used by threat actors. New-school security awareness training can help employees stay alert and safe.
Netskope has the story.