Study reveals top security trends of 2015

So far, 2015 has seen its fair share of security news, good and bad (although with security news, the bad often far outweighs the good). And with the benefit of hindsight, we can now take some time to look back on these developments to find top trends so far this year – and what should be on your mind going forward. 

According to Proofpoint, there have been four major trends in the first half of 2015. Here they are, along with what they will mean for your business.

Trend 1: Attachment-based campaigns

In 2015, hackers seemed to prefer a different vector for attacks than in the past. Rather than relying on URL-based attacks, they went with email attachments to deliver malicious payloads.

It makes sense. Less-secure, infrequently updated web browsers have lost market share to the likes of Google Chrome, Mozilla Firefox and the new Microsoft Edge (though how secure that is remains to be seen).

Also according to Proofpoint, attachments are popular because they can be used to deliver “malicious macros,” attachments containing payloads of malware. Usually these come in the form of Word documents that, once downloaded, prompt users to download other programs in order to view them.

This attack requires users to take action themselves, too – downloading the file – which may evade automatic defenses designed to stop drive-by malware.

Best bet: Educate users on phishing techniques, and encourage them never to open attachments from people they don’t know.

Trend 2: Phishing targets business users

As hackers continue to refine and hone their attacks, they’ve gone from generic messages to those aimed squarely at the business community.

Examples of phishing attempts geared toward businesses are:

  • fake invitations to connect on LinkedIn or other work networks
  • financial account warnings, such as balance or transaction updates
  • confirmation for orders not placed, and
  • fake voicemail or fax notifications.

These messages would often be designed to look like they were coming from the C-level – which users would take as a signal they should reply right away or pay careful attention.

Best bet: Remind users that no matter how urgent a message seems, they should take a second or two to consider the source and check that it’s actually being sent from someone they know.

Trend 3: Social media malware tied to specific events

Social networks are at their strongest when people are all focusing on the same event: big games, holidays, current events, etc.

That brings out hackers who attempt to leverage this audience into getting victims to click and share their content. For instance, during the Super Bowl, hackers would share fake links to live streams on the NFL’s page.

Attacks like these don’t just hurt the users who are fooled; they can also lead to frustration with your company’s brand if that’s the page the malware was delivered from.

Best bet: Make sure you have an overall social media strategy that includes keeping your corporate page locked down and advise users to avoid social media pitfalls.

Trend 4: Decreased volume of unsolicited messages

Unsolicited email – oh, let’s stop beating around the bush and call it spam – is on the decline. While there are certainly a lot of instances where companies have been brought down by email campaigns, it’s usually not from a blast of spam messages.

More successful: targeted, highly focused phishing messages that are coupled with intelligence-gathering techniques.

This strategy is the new normal, and it’s also more likely to avoid spam email filters.

Best bet: Warn users that while they should still be wary of poorly spelled messages promising untold millions in exchange for bank account information, the biggest threat may actually be from a seemingly innocent email request or attachment.
