FireEye email threat report reveals increase in social engineering attacks.
(C)1994-2019 M2 COMMUNICATIONS http://www.m2.com
FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, has released the results of its Q1'19 Email Threat Report, the company said.
After analyzing a sample set of 1.3 billion emails, FireEye found increases in three main areas: spoofed phishing attempts, HTTPS encryption in URL-based attacks, and cloud-based attacks focused on publicly hosted, trusted file-sharing services.
In the report, FireEye observed several important trends:
Phishing Attacks Rose by 17%: A typical phishing email impersonates a well-known contact or trusted company to induce the recipient to click on an embedded link, with the ultimate goal of credential or credit card harvesting. During Q1'19, FireEye saw these type of attacks increase by 17% over the prior quarter. The top spoofed brands across these activities included Microsoft, with almost 30% of all detections -- followed by OneDrive, Apple, PayPal and Amazon, each within the 6-7% range.
Use of HTTPS in URL Based Attacks Climbed 26%: In 2018, FireEye reported that URL-based attacks had overtaken attachment-based attacks as a means of delivery. This trend continued in Q1'19. Notably, FireEye saw a 26% quarter-over-quarter increase in malicious URLs using HTTPS. This indicated malicious actors are taking advantage of the common consumer perception that HTTPS is a "safer" option to engage on the Internet.
File Sharing Services Exploited to Deliver Malicious Payloads: Cloud-based attacks, particularly those leveraging file-sharing services, increased in Q1'19. Analysis of Q1'19 emails showed a dramatic increase in links to malicious files posted to popular and trusted file-sharing services, such as WeTransfer, Google Drive and OneDrive. Dropbox was the most commonly used.
New Impersonation Variants Focused on Payroll and the Supply Chain: Threat actors continued to increase their usage of CEO impersonation fraud. They also diversified their approach. Historically, this cyber "cash cow" attack has targeted an organization's Accounts Payable department with a spoofed email from the CEO or other senior leader.
Over the last quarter, FireEye observed threat actors increasingly using two new variants:
Payroll: This new variant targets an organization's Payroll department with an email requesting changes to an executive's personal data, such as bank details, with the objective of diverting an executive's salary to a third-party account.
Supply Chain: This new variant targets the Accounts Payable department by impersonating an email from a trusted supplier (instead of the CEO or senior executive) to re-route a fraudulent payment to a third-party account.
The FireEye Email Threat Report is the result of FireEye's analysis of a sample set of 1.3 billion emails from January through March 2019. For more information about the latest malicious content delivery tactics, impersonation techniques, and URL based attacks, download the full FireEye Email Threat Report at https://www.fireeye.com/offers/rpt-email-threat.html
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant[R] consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,900 customers across 103 countries, including more than 50 percent of the Forbes Global 2000.
((Comments on this story may be sent to firstname.lastname@example.org))
|Printer friendly Cite/link Email Feedback|
|Date:||Jun 28, 2019|
|Previous Article:||MATRIXX Software, Linux Foundation Networking to advance next generation of telco services.|
|Next Article:||Vubiq Networks gets waveguide patent.|