Skip to main content

Even CAPTCHAs aren't safe from hackers any more

scammers
(Image credit: Shutterstock / Brazhyk)

A new report has claimed that threat actors are increasingly using CAPTCHA challenges to trick users into clicking on malicious links.

Compiled by cybersecurity and compliance firm Proofpoint, the report notes that the pandemic and resulting work-from-home environment has ensured that people continue to be the most critical factor in cyber attacks.

“In addition to troubling growth in volume and sophistication of ransomware and business email compromise (BEC) attacks, we discovered massive spikes in lesser-known methods like Captcha techniques and steganography, which proved surprisingly effective,” said Ryan Kalember, EVP of cybersecurity strategy, Proofpoint. 

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

In its analysis, Proofpoint notes that the use of Captcha in attacks registered a fiftyfold increase as compared to 2020. The trick was actively used by the financially motivated threat actor TA564 against organizations in Canada.

New attack vectors

Explaining the use of CAPTCHA in malicious campaigns, the report suggests that some attackers use them to ensure they are delivering malware to a real user, rather than a security sandbox. 

Others, such as TA564, use it to determine their victim’s location based on the IP address to ensure they are targeting people in the correct geographies. 

Another less commonly used technique that is slowly gaining popularity with threat actors is steganography. Attackers use it to embed malicious payloads inside innocent looking files like images. Despite being used in only a handful of campaigns, the technique proved highly effective with three out of every eight recipients clicking on the tainted image.

People-centric vulnerabilities

In all, the report detected over 48 millions messages laced with malware capable of being used as an entry point for ransomware attacks.

Meanwhile, the most common form of attack was credential phishing, which accounted for nearly two-thirds of all malicious messages, outpacing all other attacks combined. The click-through rate of attachment outpaced all other phishing methods, with an average of one in five users clicking.

The report also shares details about elaborate BEC scams, one of which impersonated C-Level executives and ordered multiple email recipients to transfer sums exceeding $1 million in the name of a phony corporate acquisition.

Arguing that attackers look at the world in terms of connections, relationships and access, Proofpoint argues that an effective security strategy should “consider the individual risk each user represents, including how they’re targeted, what data they have access to, and whether they tend to fall prey to attacks.” 

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.