October 03, 2019
Nearly all successful email-based cyberattacks require the target to open files, click on links, or carry out some other action.
While a tiny fraction of attacks rely on exploit kits and known software vulnerabilities to compromise systems, the vast majority of campaigns, 99%, require some level of human input to execute. These interactions can also enable macros, so malicious code can be run.
The finding comes from Proofpoint's Annual Human Factor Report, a paper based on 18 months of data collected from the cybersecurity company's customers.
Sometimes it seems easy to blame users for falling victim to phishing attacks, but campaigns are becoming increasingly sophisticated. It's often difficult to distinguish a malicious email from a regular one because attackers will tailor attacks to look as if they come from a trusted source, such as cloud service providers like Microsoft or Google, colleagues, or even the boss.
To read the full article, click hereSource: ZDNet