Skip to main content

Almost all cyberattacks still require human interaction

(Image credit: Image Credit: wk1003mike / Shutterstock)

Without vulnerable humans, hackers would have a much harder time breaching systems, because targeting exploits is too expensive and too risky. 

A new report by Proofpoint says that almost all of the threats observed require human interaction (opens in new tab) to execute.

Of all the threats which Proofpoint observed in the past year, more than 99 per cent required a person on the other end to enable a macro, open a file, click a link or open a document, in order to be successful. Proofpoint concludes that humans are the most important link in the chain of cyberattacks.

“Cybercriminals are aggressively targeting people because sending fraudulent emails, stealing credentials, and uploading malicious attachments to cloud applications is easier and far more profitable than creating an expensive, time-consuming exploit that has a high probability of failure,” said Kevin Epstein, vice president of Threat Operations for Proofpoint. “Individual users are the last line of defence,” he added.

Most of the time, hackers are trying to get vulnerable humans to open a Microsoft Office file loaded with malware. Almost a quarter of all phishing emails (opens in new tab) sent last year have had an Office file. This year, however, hackers are moving more towards the cloud, with DocuSign and Microsoft cloud services being used in phishing attacks (opens in new tab).

Hackers are usually interested in stealing credentials, creating feedback loops and lateral movement. To that end, they use banking Trojans, information stealers, RATs and other, non-destructive strains whose purpose is to remain resident on infected devices and continuously gather data.

Proofpoint’s full report can be found on this link (opens in new tab).

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.