Office macro use collapsed after Microsoft rolled out controls to block them : After almost three decades of service as a popular malware distribution method, Office macros finally began to decline in use after Microsoft updated how its software handles files downloaded from the web.Key findings highlighted in Proofpoint’s 2023 Human Factor Report include: The report draws from one of the industry’s largest and most diverse global cybersecurity data sets across email, the cloud and mobile computing sourced from more than 2.6 billion email messages, 49 billion URLs, 1.9 billion attachments, 28 million cloud accounts, 1.7 billion suspicious SMS messages, and more.įrom complex techniques like multi-factor authentication bypass, to telephone-oriented attack delivery, and conversational threats that rely solely on the attacker’s charm, 2022 was a year of unprecedented creativity among threat actors as they varied attack chains and rapidly tested and discarded delivery mechanisms. The Human Factor is the industry’s most comprehensive report from a single vendor and delves into the new developments across the threat landscape, focusing on the combination of technology and psychology that makes modern cyber attacks so dangerous among the three main facets of user risk-vulnerability, attacks, and privilege. While many threat actors are still experimenting, what remains the same is that attackers exploit people, and they are the most critical variable in today’s attack chain.” “As security controls have slowly improved, threat actors have innovated and scaled their bypasses once the domain of red teams, techniques like MFA bypass and telephone-oriented attack delivery, for example, are now commonplace. “With Microsoft 365 forming a large percentage of the typical organisation’s attack surface, broad abuse of that platform, from Office macros to OneNote documents, continues to shape the broad outlines of the threat landscape,” said Ryan Kalember, executive vice president, cybersecurity strategy, Proofpoint. As COVID-19 medical and economic programs began to wind down, attackers had to find new ways to make a living by honing their social engineering skills, commoditising once-sophisticated attack techniques, and creatively searching for new opportunities in unexpected places.įrom scaling brute-force and targeted attacks on cloud tenants to the surge in conversational smishing attacks and proliferation of multifactor authentication (MFA) bypass, the cyber-attack landscape witnessed significant developments on several fronts in 2022.
, a leading cybersecurity and compliance company, today released its annual Human Factor report, revealing that a fter two years of pandemic-induced disruption, 2022 was a return to business as usual for the world’s cyber criminals. New research provides an in-depth analysis of the modern attack chain and today’s biggest threats
0 kommentar(er)
