Proofpoint, Inc. unveiled its annual Human Factor report, which provides a comprehensive examination of the three main facets of user risk—vulnerability, attacks, and privilege—and how the extraordinary events of 2020 transformed the current threat landscape. Human Factor 2021 draws on data and insight from a year’s worth of research, covering threats detected, mitigated, and resolved across one of the largest datasets in cybersecurity.

“Attackers don’t hack in, they log in, and people continue to be the most critical factor in today’s [cyberattacks]. The threat ecosystem has evolved over the past year, and this report explores how a people-centric approach to cybersecurity can reduce today’s risks,” said Ryan Kalember, EVP of cybersecurity strategy, Proofpoint. “In addition to troubling growth in volume and sophistication of ransomware and business email compromise (BEC) attacks, we discovered massive spikes in lesser-known methods like CAPTCHA techniques and steganography, which proved surprisingly effective.”

This report draws on analysis of that data throughout 2020 by our team of expert threat researchers and reveals risks and vulnerabilities that persist today:

  • Ransomware was omnipresent, with more than 48 million messages containing malware capable of being used as an entry point for ransomware attacks. Email remains a crucial part of these attacks, serving as the route through which much of the first-stage malware used to download ransomware is distributed.
  • Credential Phishing—both consumer and corporate—was by far the most common form of cyberattack, accounting for two-thirds of all malicious messages. This credential phishing leads to account compromise, from which other attacks like business email compromise (BEC) and data theft are launched.
  • Of all Phishing methods (attachment, data, link), attachment proved the most successful, with an average of one in five users clicking—a higher rate than the other two combined.
  • Increasingly elaborate BEC fraud attempts emerged. In one case, Proofpoint detected that a single threat actor (TA2520) used BEC to impersonate C-Level executives, instructing multiple email recipients to transfer sums of more than $1 million in the name of a phony corporate acquisition.
  • Steganography was wildly successful, with more than 1 in 3 people targeted in such attack campaigns clicking the malicious email—the highest success rate of all attacks. Steganography is the technique of hiding malicious payloads within seemingly innocuous files like pictures and audio. After the hard-to-detect files land on users’ machines, they are decoded and activated.
  • Attacks using CAPTCHA techniques garnered 50 times as many clicks as the year prior. Because people typically associate CAPTCHA challenges with anti-fraud measures while working from home, five percent clicked—a fiftyfold increase.
  • Cyberthieves used Remote Access Trojans (RAT). In fact, nearly 1 in 4 email threat campaigns employed RAT software tools. For example, the volume of threats delivering Cobalt Strike—a commercial security tool that helps organizations probe for system weaknesses—jumped 161%.
  • 1 in 4 attack campaigns used compressed executable files to hide malware. The method requires a user to interact with a malicious attachment like an Excel spreadsheet or PowerPoint slide deck to execute the payload.

To download Proofpoint’s Human Factor 2021 report, please visit: