View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Middle-managers hit by shapeshifting hackers

Cybercriminals adopt new tactics to thwart education efforts.

By Jimmy Nicholls

Hackers are shifting their attacks to middle-managers in a bid to steal more cash from corporations, according to the security vendor Proofpoint.

Despite starting last year reliant on social media lures, the cybercriminals were found orienting their campaigns towards business and financial access, with schemes involving social media falling by 94%.

Kevin Epstein, VP of advanced security and governance at Proofpoint, said: "The only effective defence is a layered defence, a defence that acknowledges and plans for the fact that some threats will penetrate the perimeter.

"Someone always clicks, which means that threats will reach users."

In further evidence of a move away from opportunistic campaigns, the hackers behind the campaigns investigated by Proofpoint were found finely adapting their strategy to hit the intended target.

The vendor found the hackers had upped their use of attachments, e-fax and voicemail, and were also sending their messages to correspond to when targets were sending and receiving lots of emails.

Even though cybersecurity staff persistently warn about spam messages, one in 25 of the malicious emails found by Proofpoint had their links clicked.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Departments like sales, finance and procurement were also said to be 50-80% more likely to click on bad links than other parts of the business.

"Every company still clicks; every department and industry is still at risk (though financial industries and sales and marketing continue to be the top target areas)," Proofpoint said.
"Attackers continue to shift tactics to play on human weaknesses as they siphon money and data from organisations."

The company argued that workers’ training in spotting previous signs of malicious emails had been undermined because of the development of new tactics.

Among the tactics used to steal credentials was a phishing page that spoofed Microsoft Outlook Web Access, a widely used remote login system for email.

"The central lesson of 2014 for CISO’s [chief information security officers] is that while user education may have an impact, attackers can always adapt and adjust their techniques more rapidly than end-users can be educated," Proofpoint said.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.