Remote work, supply chains, commercial clouds offer threat actors social engineering opportunities to trick people into doing their bidding. Credit: SpiffyJ / Getty Images Threat actors exhibited “ceaseless creativity” last year when attacking the Achilles heel of every organization—its human capital—according to Proofpoint’s annual The Human Factor 2022 report. The report, released June 2, draws on a multi-trillion datapoint graph created from the company’s deployments to identify the latest attack trends by malicious players.“Last year, attackers demonstrated just how unscrupulous they really are, making protecting people from cyber threats an ongoing—and often eye-opening—challenge for organizations,” Proofpoint Executive Vice President for Cybersecurity Strategy Ryan Kalember said in a statement.The combination of remote work and the blurring of work and personal life on smartphones have influenced attacker techniques, the report notes. During the year, SMS phishing, or smishing, attempts more than doubled in the United States, while in the U.K., 50% of phishing lures focused on delivery notifications. An expectation that more people were likely working from home even drove good, old-fashioned voice scams, with more than 100,000 telephone attacks a day being launched by cybercriminals.Insider threat risk increasedThe report also found that risks posed by insider threats continue to increase. “Long-term hybrid work and the influx of incoming and outgoing employees from the ‘Great Resignation’ has exacerbated the risks posed by insider threats,” Proofpoint Vice President of Threat Research and Detection Sherrod DeGrippo tells CSO. “There’s a lot more uncertainty around proper protocol, what data is or is not off-limits, and what the proper channels are that one should use.” Supplier risks include fake requests, phishingSupply chain attacks were another significant development during the year. In any month, Proofpoint says 80% of its customers receive a threat that appears to come from one of its suppliers. That’s only slightly lower than its customers who receive any kind of threat. However, the report notes that supply chain threats are different from other kinds of threats because they’re mostly phishing or imposter attacks, and rarely involve malware.“Supply chain attacks via software or hardware vendors as well as third-party vendors are skyrocketing. It’s no surprise that 80% of businesses are attacked by a compromised supplier account on a monthly basis,” Rajiv Pimplaskar, CEO of SASE provider Dispersive Holdings, tells CSO. Highly privileged users targetedAs might be expected, the report’s researchers found that users with the highest privileges in an organization were also the most highly targeted by attackers. Managers and executives make up only 10% of overall users within organizations, it notes, but represent almost 50% of the most severe attack risk.Threat actors leverage cloud providersThe researchers also report that adversaries are also corralling commercial cloud providers into their malicious schemes. One group, called TA571 by Proofpoint, will distribute emails with a link to a ZIP file hosted by OneDrive or Google Drive. When the compressed folder, which contains an Excel file, is opened, it drops URSNIF malware on a system, if macros are enabled in Excel.In the vast majority of cases, human factors matter more than the technical specifics of an attack, the researchers maintain. Cybercriminals are looking for relationships that can be leveraged, trust that can be abused, and access that can be exploited.Mitigating human factor attacksThe researchers recommend organizations deploy a solution that gives them visibility into who’s being attacked, how they’re being attacked, and whether they clicked on something malicious. Consider the individual risk each user represents, including how they’re targeted, what data they have access to, and whether they tend to fall prey to attacks.“Organizations must find ways to leverage technology to solve these problems at scale before a human user is forced to be put on the front line,” DeGrippo says. “We cannot expect individuals to be the lone protection against attacks from operationalized and organized threat actor groups.” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe