The more things change, the more things stay the same -- at least for hackers. That's one of the finding in Proofpoint's mid-year threat report on the attacks of choice for the first half of 2015.
In addition to the return of an old friend, the cybersecurity company also found more targeted attacks towards businesses, heightened activity around social media and a shift in the volume and accuracy of the bad stuff that ends up in your inbox, looking to take your money.
Click the attachment
They're baaaaaack – email attachments that infect a computer once clicked upon, that is.
"Human beings have short memories," says Kevin Epstein, vice president of advance security and governance at Proofpoint. "It's fresh again."
Attachments were last an issue in 2006, according to Proofpoint. Users today have been drilled to avoid clicking on unknowing URLs, putting attachments in the back of our minds.
"No one remembers a few years ago when it was 'don't click on attachments.' What's old is new again, and unfortunately from a security perspective, that's bad," he adds.
Proofpoint found that malicious attachments started popping up again in October 2014, and then hit full force in the beginning of 2015. Most attachments have been Microsoft Word documents with malicious macros that required user interaction in order to execute.
Target the bean counters
Hackers aren't sending attachments to everyone, though. The difference in this reincarnation of a tried-and-true tactic is that cybercriminals are targeting businesses, and sometimes masking as requests or files coming from within the company. They’re even sending them at a time when you'd expect to receive such a missive. "We see the highest point of entry on Tuesday at 10 a.m. local time, when everyone is really busy," Epstein says.
Clay Calvert, director of cybersecurity for MetroStar Systems, says that hackers are often searching for the names of comptrollers or CFOs from company websites – typically available on "about us" pages – and then sending them emails pretending to be from a higher up in the company. They're the targets because they control the money.
Epstein likens this trend to why bank robbers rob banks: because that's where the money is.
"As an individual consumer, if I raid your bank account, I might strike it rich and get away with $10,000. With a small business payroll, I might get $100,000, $200,000, $300,000," says Epstein.
"If I hit something bigger, all I need is for one" attachment to work, he adds.
Proofpoint also found that in 2014, hackers tried to get at these accountants through fake LinkedIn connect requests and other social media lures – and attack that has virtually disappeared in 2015. Instead, the vehicle of choice is communication notification templates, and corporate and personal financial communication lures – things like voicemail and fax notifications.
Sign up for Computerworld eNewsletters.