March 2016 | proofpoint | excerpt
Life imitated art in 2015 as real-world cyber criminals every day applied the mantra of the anti-hero hacker of the cable TV series Mr. Robot: “People make the best exploits.” Social engineering became the No. 1 attack technique as attackers shifted away from automated exploits and instead engaged people to do the dirty work—infecting systems, stealing credentials, and transferring funds. Across all vectors and in attacks of all sizes, threat actors used social engineering to trick people into doing things that once depended on malicious code.
Attackers used people in three progressively controlling ways:
1) Running attackers’ code for them, comprised mainly high-volume campaigns distributed to broad groups of users.
2) Handing over credentials to them, targeted key people who had valued credentials, tricking them into turning over their “keys to the castle.”
3) Directly working for them, transferring funds to them…users, thinking they were following orders from higher-ups, most often made wire transfers to fraudulent bank accounts.