A new report has claimed that threat actors are increasingly using CAPTCHA challenges (opens in new tab) to trick users into clicking on malicious links.
Compiled by cybersecurity (opens in new tab) and compliance firm Proofpoint (opens in new tab), the report notes that the pandemic and resulting work-from-home (opens in new tab) environment has ensured that people continue to be the most critical factor in cyber attacks.
“In addition to troubling growth in volume and sophistication of ransomware (opens in new tab) and business email compromise (BEC (opens in new tab)) attacks, we discovered massive spikes in lesser-known methods like Captcha techniques and steganography, which proved surprisingly effective,” said (opens in new tab) Ryan Kalember, EVP of cybersecurity strategy, Proofpoint.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
>> Click here to start the survey in a new window (opens in new tab) <<
- Shield yourself with these best identity theft protection services (opens in new tab)
- We've put together a list of the best endpoint protection (opens in new tab) software
- Here's our choice of the best malware removal (opens in new tab) software on the market
In its analysis, Proofpoint notes that the use of Captcha in attacks registered a fiftyfold increase as compared to 2020. The trick was actively used by the financially motivated threat actor TA564 against organizations in Canada.
New attack vectors
Explaining the use of CAPTCHA in malicious campaigns, the report suggests that some attackers use them to ensure they are delivering malware (opens in new tab) to a real user, rather than a security sandbox.
Others, such as TA564, use it to determine their victim’s location based on the IP address to ensure they are targeting people in the correct geographies.
Another less commonly used technique that is slowly gaining popularity with threat actors is steganography (opens in new tab). Attackers use it to embed malicious payloads inside innocent looking files like images. Despite being used in only a handful of campaigns, the technique proved highly effective with three out of every eight recipients clicking on the tainted image.
In all, the report detected over 48 millions messages laced with malware capable of being used as an entry point for ransomware attacks.
Meanwhile, the most common form of attack was credential phishing (opens in new tab), which accounted for nearly two-thirds of all malicious messages, outpacing all other attacks combined. The click-through rate of attachment outpaced all other phishing methods, with an average of one in five users clicking.
The report also shares details about elaborate BEC scams, one of which impersonated C-Level executives and ordered multiple email recipients to transfer sums exceeding $1 million in the name of a phony corporate acquisition.
Arguing that attackers look at the world in terms of connections, relationships and access, Proofpoint argues that an effective security strategy should “consider the individual risk each user represents, including how they’re targeted, what data they have access to, and whether they tend to fall prey to attacks.”
- Protect your devices with these best antivirus software (opens in new tab)