In their new "The Human Factor Report 2017" Proofpoint wrote: "Cyber criminals relied less on automated attacks and exploits, shifting instead to social engineering."
The change to social engineering as an attack vector increased the impact and effectiveness of the massive recent ransomware email campaigns. Proofpoint continued: "From email to software as a service, from social media to mobile apps, cyber criminals carried out social engineering at scale."
They further pointed out that: "By the second half of 2016, the shift to human-driven exploits was well-established. A full 99% of email-based financial fraud attacks relied on human clicks rather than automated exploits to install malware."
Users tend to receive the most emails with malicious attachments on Thursdays and they’re most likely to click on messages in the morning purporting to be from the local postal service, according to an analysis of email attacks that has reinforced the importance of time and human factors for cybersecurity protection.
Forget casual Friday: keylogger Mondays and ransomware Thursdays are things now
The bad guys have taken a page out of internet marketing's playbook and are now sending 20.2 percent of malicious emails on Thursdays, followed by Tuesdays (17.6 percent); the other weekdays each saw around 15 percent of phishing emails.
Ransomware and credential-stealing phishing attacks were most common on Thursdays, but banking Trojans spiked on Wednesdays instead, just before payday, when users are likely to be accessing their online banking services to check amounts and pay bills.
Keyloggers and backdoor attacks were far more common on Mondays. This timing may be linked to employees returning to work after relaxing or exhausting weekends, then working furiously and perhaps a little carelessly to tackle their to-do lists for the week.
One of Proofpoint's recommendations is: "Teaching employees to beware the latest and most effective phishing lures is important. But attackers can change lures, payloads, and any other aspect of their campaigns overnight. Deploy solutions that can detect a variety of credential phishing attacks through a combination of proactive and real-time URL sandboxing in emails."
We could not agree more.
Your Employees Are Your Last Line Of Defense
Bad guys go for the low-hanging fruit. If you want to spend less time putting out fires, get more time to be proactive, and get the things done you know need to be done, step employees through effective security awareness training.