In cybersecurity, it typically doesn’t matter how much code is in place to protect individuals if they don’t use prudence and vigilance to stop themselves from falling victim to attacks.
This wisdom appears to be true even when referring to the cryptocurrency community and mining malware, according to a report by cybersecurity company Proofpoint.
“Email remains the top attack vector. Threats range from spam that clogs inboxes and wastes resources to email fraud that can cost organizations and people millions of dollars… And mainstream interest in cryptocurrency is driving advances in malware and new approaches to phishing and cyber crime,” the company wrote in its latest Human Factor Report.
Proofpoint found that up to 95% of attacks through fake browser and plugin updates used social engineering to trick people into installing malware and willingly executing it on their computers.
All of this might also be due to the fact that suspicious and impostor domains outnumbered their brand-registered counterparts by a factor of 20. A user that sees a piece of software coming from what they perceive as a legitimate company is more likely to click on it.
The report also found that more than half of attacks carried out on social media come from spoofed customer support accounts, although the rest of it might be attributed to the way that malware propagates through social media using known contacts of an infected person.
In email attacks, we can see the highest rate of growth in the number of cryptomining malware infections.
“Observed network traffic of coin mining bots jumped almost 90% between September and November . This threat activity closely mirrored the rise and fall of the value of Bitcoin,” the report added.
Although we already know that instances of cryptojacking are at an all time high thanks to reports from Symantec, there wasn’t yet a lot of insight into how these attacks are carried out.
It turns out that humans continue to be the greatest vulnerability in any system, meaning that companies may have to begin constructing new policies lest they lose most of their computing resources to cryptojackers.