SecurityBrief EMEA logo
Cybersecurity and threat news for Europe, the Middle East & Africa
Story image
The attack surface: 2019's biggest security threat
Story image
Opinion: Cybersecurity as a service answer to urgent change
Story image
New threat rears its head in new malware report
Story image

Email fraud increased by 476% in last year - Proofpoint

08 Feb 2019
Newsdesk

Cybersecurity and compliance company Proofpoint has today released its Q4 2018 Threat Report, highlighting the threats and trends across Proofpoint’s global customer base and in the wider threat landscape.

One of the most notable trends centres on the rapid increase of email fraud attacks, also known as business email compromise.

Overall, Proofpoint researchers observed that the number of email fraud attacks against targeted companies increased 226% between Q3 2018 and Q4 2018, and 476% when comparing Q4 2017 and Q4 2018.

Proofpoint Asia-Pacific and Japan vice president Tim Bentley says, “Email fraud has seen explosive growth and it’s clear that today’s cybercriminals are relentlessly targeting people, rather than infrastructure.”

“As these threats continue to grow in volume and sophistication, it is imperative that organisations implement a people-centric security approach that includes a comprehensive email fraud defence and security awareness training.

“Ultimately, organisations must consider the individual risk each user represents, and understand how they are targeted, in order to better protect them.”

Every day, Proofpoint analyses more than five billion email messages, hundreds of millions of social media posts, and more than 250 million malware samples

Additional Q4 2018 Proofpoint threat findings

Banking Trojans remained the top email-borne threat in Q4 2018, making up 56% of all malicious payloads.

Of those, 76% were classified as Emotet.

Remote access Trojans accounted for 8.4% of all malicious payloads in Q4 and 5.2% for the year, marking a significant change from previous years in which they were rarely used by crimeware actors.

Social media channels remain key vectors for fraud and theft.

While the platforms themselves continue to develop automated protections, social media fraud remains a key challenge for consumers and the brands in which they interact, with fraudulent social media support account phishing, or ‘angler phishing’, increasing by 442% year-on-year. Interestingly, phishing links on social channels continue to drop as platforms address this issue algorithmically.

Steps to improve cybersecurity efforts

Organisations can further protect themselves in the coming months by taking the following steps:

  • Assume users will click – Social engineering is increasingly the most popular way to launch email attacks and criminals continue to find new ways to exploit the human factor. Leverage a solution that identifies and quarantines both inbound email threats targeting employees and outbound threats targeting customers before they reach the inbox.
     
  • Build a robust email fraud defence – Highly-targeted, low volume business email compromise scams often have no payload at all and are thus difficult to detect. Invest in a solution that has dynamic classification capabilities that you can use to build quarantine and blocking policies.
     
  • Protect your brand reputation and customers – Fight attacks targeting your customers over social media, email, and mobile—especially fraudulent accounts that piggyback on your brand. Look for a comprehensive social media security solution that scans all social networks and reports fraudulent activity.
     
  • Partner with a threat intelligence vendor – Smaller, more targeted attacks call for sophisticated threat intelligence. Leverage a solution that combines static and dynamic techniques to detect new attack tools, tactics, and targets—and then learns from them.
     
  • Train users to spot and report malicious email: Regular training and simulated attacks can stop many attacks and help identify people who are especially vulnerable. The best simulations mimic real-world attack techniques. Look for solutions that tie into current trends and the latest threat intelligence.
More:
Share on: LinkedIn Twitter Facebook
Story image
The attack surface: 2019's biggest security threat
Story image
Opinion: Cybersecurity as a service answer to urgent change
Story image
New threat rears its head in new malware report
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
Facebook fights fake news ahead of Africa elections
“We also show related articles from fact-checkers for more context and notify users if a story they have shared is rated as false.”
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.
Story image
Red Box gains compliance boost with new partnership
By partnering with Global Relay, voice platform provider Red Box is improving the security of its offerings for high-value and risk voice data.
Story image
New digital world causing concern for IT auditor recruitment
Nearly 2/3s of organisations say the tech skills gap is already impacting IT audits. A new study identifies the top five skills auditors seek.
Story image
Microsoft, DigiCert, Utimaco tackle quantum computing threats
The algorithm could bring the world one step closer to a secure internet of things.
Story image
Germany watchdog calls out Facebook's 'abuse of power'
Bundeskartellamt asserts that Facebook must ask for consent from all users to collect data from within Facebook-owned services and third party websites – or face heavy restrictions on data collection.
Story image
Migration away from on-prem data centres stalled by security
Despite the surging cloud adoption that is rife around the world, a new study has revealed there’s still a lack of understanding around security.
Link image
Whitepaper: Securing your organisation against business email compromise
Discover how to secure your email gateway and prevent malware entering your system.
Learn More
Download image
Whitepaper: Ransomware is evolving – how is your security keeping up?
Kaseya explores how automation and integration can help organisations stay ahead of security threats.
Download
Story image
Threat prioritisation feature announced for Tenable platforms
Predictive Prioritisation enables organisations to focus on the three percent of vulnerabilities that have been or will likely be exploited in the next 28 days.
Story image
Uganda Police Force uses biometrics to catch criminals
Police in Uganda are using biometric data and solutions to help them identify suspects and solve crimes in a more efficient way.
Story image
The top technologies shaping future ‘proactive’ cybersecurity
Frost & Sullivan has highlighted emerging technology trends that are set to change the way enterprises protect themselves against cybercrime.
Story image
Ziften extends proprietary AI/ML security across all endpoints
AI and ML algorithms now work throughout all phases of the Zenith cybersecurity platform.
Download image
The 3 essential elements to consider with SaaS security
Speed, ease of use, and low capital expenses are just some of the factors driving the continued growth in SaaS security adoption.
Download
Download image
Product review: LogRhythm CloudAI a revolutionary tool
SANS has provided an independent review of a new AI analytics solution designed to rescue businesses 'drowning in data' from SIEM platforms.
Download
Story image
OneSpan uses AI to tackle financial account fraud
Its new solution uses machine learning to protect online and mobile channels, as well as meet compliance requirements for transactional risk analysis
Story image
Report finds automotive industry seriously wanting in cybersecurity
Findings from a new report have laid the automotive industry’s cybersecurity practices bare after highlighting critical cybersecurity deficiencies.
Story image
Personalisation more important than privacy for Gen Z
Gen Z doesn’t just use the internet to connect them, entertain them, sell to them, and build their digital brand, they expect it to.
Story image
Massive jump in email fraud targeting healthcare - Proofpoint
The report analyses more than 160 billion emails sent across 150 countries in both 2017 and 2018 to identify email fraud attack trends.
Story image
88% of businesses breached in the last year - Carbon Black
The report analyses survey results from different vertical sectors, organisation sizes and IT team sizes to build a picture of the attack and cyber defence landscape.
Download image
Navigating the complicated world of DNS security
Over the years, DNS, both the protocol and the servers, have become the target of a variety of attacks, including the Lion worm.
Download
Download image
Whitepaper: The key to maximising office space efficiency
Most offices worldwide are approximately 50% under-utilised on any given day, causing issues for facility management in understanding the number of people in a facility.
Download
Story image
Four ways the technology landscape will change in 2019
Until now, organisations have only spoken about innovative technologies somewhat theoretically. This has left people without a solid understanding of how they will ultimately manifest in our work and personal lives.
Download image
Digitally transform or fall behind - 3 key points to remember
In this report Unisys details three key areas focus on when implementing a successful digital transformation as with every opportunity comes risk.
Download
Download image
From magstripe to mobile: The evolution of access management
HID Global examines solutions available today, the future of mobile access, and why it’s critical to ensure that each component of the access control ecosystem is as secure as possible.
Download
Story image
Veritas strengthens AWS partnership with new competencies
Veritas NetBackup and Backup Exec now support multiple AWS storage classes.
Story image
GDPR: 59,000 breach reports, 91 fines and counting
Google was fined €50 million earlier this year – the biggest fine to date under the GDPR.
Story image
Legacy applications a ‘healthcare cybersecurity nightmare’
A new whitepaper launched today that sought to bring light to just how dire the cybersecurity situation with hospitals really is.
Story image
Report finds average DDoS attack volumes have trebled in past year
"The increase in the impact and complexity of attacks continues unabated," says Link11 COO Marc Wilczek.
Story image
Security flaw in Xiaomi electric scooters could have deadly consequences
An attacker could target a rider, and then cause the scooter to suddenly brake or accelerate.
Download image
Report: How IT Is responding to digital disruption and innovation
Today “every company is in the software business" to get a competitive edge, and this survey reveals how app dev is affecting IT teams.
Download
Story image
Email fraud increased by 476% in last year - Proofpoint
As these threats continue to grow in volume and sophistication, it is imperative that organisations implement a people-centric security approach.
Download image
The ultimate playbook for DNS infrastructure
Advanced DNS solutions can bring legacy systems into the modern age and protect against these potentially crippling DNS attacks.
Download
Story image
Honeywell upgrades USB protection for ICS environments
Industrial cybersecurity provider Honeywell has doubled down on its protection against USB-based threats towards industrial operators.
Story image
Interview: Inside the crybercriminal gig economy for bots
Techday spoke to Akamai Asia Pacific security technology and strategy head Fernando Serto about how organisations are being impacted.
Story image
CrowdStrike opens endpoint protection platform to third-party apps
The CrowdStrike Store leverages the cloud for both scale and telemetry, enabling applications to deliver faster, smarter, and more effective solutions.
Story image
Frost & Sullivan: Big data is key to preventing cyber breaches
“This technology can proactively predict breaches before they happen, as well as uncover patterns from past incidents to support policy decisions."
Story image
Illumio eyes global expansion with $65m in the bank
"Regardless of industry or size, every organisation has crown jewel or regulated assets running in their environment."
Story image
Palo Alto changes up partner programme
The changes include a dedicated programme for managed services providers and a raft of new processes and initiatives.
Story image
Facial recognition tech can identify partial images of people
We’re now at the point where technology doesn’t even need an entire image of someone to identify them.
Story image
Security and mobility app adoption increasing - Okta
The fastest-of-the-fastest growing apps focus on identity-driven security, indicating that companies are taking Zero Trust seriously.
Download image
Mobile security: A case of risk versus reward?
Neither restricting productivity nor accepting tremendous mobile security risk is a viable option.
Download
Story image
French cyber startup Alsid reaches out to Asia Pacific
French cybersecurity startup Alsid is setting its sights on the vast market opportunities in Asia, and Hong Kong is its initial base of choice – because it’s an attractive target for cyber attacks.
Story image
Cybercrime tools and services becoming increasingly democratised
Findings from Check Point's new report reveal a concerning trend as cybercrime grows increasingly well-managed and accessible.
Download image
Whitepaper: How Philips drives security and privacy in healthcare
Personal data within healthcare records is most valuable, as it can be used, for example, for various malicious purposes.
Download
Download image
Study: Is it possible to detect breaches as they happen
Breaches often happen when businesses least expect them, causing slow reaction times and possibly catastrophic loss.
Download
Story image
Norwegian security firm thwarts state-sponsored attack by APT10
Norwegian cybersecurity firm Visma is accusing a Chinese state-sponsored attack group (APT10) of allegedly attacking their systems and engaging in cyberespionage.
Story image
European Commission urges recall of children's smartwatch
If you’ve been on a trip to Germany recently and picked up a few gifts for the family, you might want to take note if you happened to by the Enox Safe-KID-One smartwatch for children.
Story image
Webroot to be sold for $618.5m
Webroot is about to be sold to data protection firm Carbonite for US$618.5 million after the two companies entered into a definitive agreement this week.
Story image
Dell EMC expands multicloud data protection capabilities
According to IDC, 92% of organisations have adopted a cloud environment with 64% adopting a multi-cloud approach.
Story image
617 million stolen records up for sale on dark web
It may not be the first time the databases have been offered for sale.
Story image
Huawei to Poland: 'We'll build a cybersecurity centre if that's what it takes'
Huawei says it will build a cybersecurity centre in Poland if that’s what it takes to convince the world that it’s a trustworthy organisation.
Download image
Whitepaper: Three quick ways security teams can unlock the executive budget
Boards and Executives who normally approve funding for IT Security speak the language of ROI, NPV, etc.
Download
Download image
Case Study: Infoblox protects the network that hosts City University’s curriculum
After recovering from a ransomware attack, City University began to work with Infoblox to bring its network security to the next level.
Download
Story image
Bug makes Android phones hackable via PNG image files
This means any application handling PNG files that have been carefully crafted by an attacker can end up running the attacker’s code.
Download image
Whitepaper: How to secure your data in a remote world
Gartner predicts that 80% of worker tasks will take place on a mobile device by 2020.
Download
Download image
Are you building (or breaking) digital trust?
Business leaders can wait and be forced to respond to market change, or they can embrace digital and lead market change themselves.
Download
Download image
Whitepaper: Remote working is great – but is it a security time-bomb?
Simply extending current PC security controls to a mobile fleet is ineffective.
Download
Story image
Google's new Chrome feature warns about compromised logins
This week Google released extra measures in a bid to provide better security for its users’ data.