Cybersecurity researchers at security firm Proofpoint have today released their 2022 Social Engineering report, which analyses key trends and techniques of socially engineered cyber threats observed over the past year.
The report debunks 5 false assumptions people have about social engineering, which are integral to why so many fall victim to these forms of cyberattack. These include:
- The assumption that legitimate services such as those provided by authoritative technology companies like Google and Microsoft are safe to use
- The assumption that threat actors are unaware of email conversations held with colleagues and that those existing conversation threads are safe
- The assumption that threat actors will not spend time building rapport prior to executing attacks, such as by holding regular conversations
- The assumption that threat actors won’t make use of timely, topical, socially relevant content to pique interest or exploit emotions
- The assumption that threats only involve their computer and other technologies such as the telephone
The report references several examples of sophisticated social engineering attacks, including:
- A Russian-aligned threat actor masquerading as the wife of Russian opposition leader Alexei Navalny as part of attacks aligned with the Russian state’s objectives
- A North Korean-aligned threat actor phishing for login details through social engineering campaigns related to nuclear weapon safety and President Joe Biden
“Despite defenders’ best efforts, cybercriminals continue to defraud, extort, and ransom companies for billions of dollars annually. The struggle with threat actors evolves constantly, as they change tactics to earn clicks from end users,” said Proofpoint vice president of threat research and detection Sherrod DeGrippo.
“Security-focused decision makers have prioritised bolstering defenses around physical and cloud-based infrastructure which has led to human beings becoming the most relied upon entry point for compromise. As a result, a wide array of content and techniques continue to be developed to exploit human behaviours and interests.”
The full Proofpoint report is available online.