Tuesday, September 30, 2025

2025 Unit 42 Global Incident Response Report: Social Engineering Edition Reveals 36% of Cyber Incidents Began with Human Manipulation

Manila, Philippines – Palo Alto Networks, the global cybersecurity leader, has recently released its 2025 Unit 42 Global Incident Response Report: Social Engineering Edition. The report highlights how attackers have been increasingly turning to social engineering, exploiting trust rather than technology to gain initial access and move inside organizations.

Drawing from more than 700 incident response cases globally between May 2024 and May 2025, the report reveals that 36% of all incidents in the IR caseload began with a social engineering tactic. These tactics are increasingly diverse, with more than one-third of social engineering incidents involving non-phishing methods such as search engine optimization (SEO) poisoning, fake system prompts, and help desk manipulation.

What stands out in this year’s findings is the speed at which these social engineering methods are advancing. Unit 42 has observed two clear patterns: targeted, high-touch compromise and broad, at-scale deceptions. The former involved impersonation of staff, manipulation of help desks and privilege escalation in real time using voice lures and stolen identity data. The latter, such as ClickFix, SEO poisoning, and fake browser prompts, involved tricking users into compromising their own devices across multiple platforms.

Other key findings from the report include:
  • Low Detection Coverage and Alert Fatigue Enable Attacks: 13% of critical alerts went unnoticed or were misclassified, giving attackers an opening to exploit weak points such as identity recovery workflows and lateral movement paths.

  • Escalating Business Disruption: Over 50% of social engineering incidents led to sensitive data exposure, while others caused service interruptions or broader operational impact. These fast-moving attacks maximize financial returns while requiring minimal infrastructure or risk.

  • Artificial Intelligence Accelerates Threats: Threat actors are leveraging generative AI to craft personalized lures. In fact, 23% of social engineering incidents already involved callback or voice-based techniques.

  • Profit Remains the Primary Driver: 93% of social engineering intrusions were financially motivated, highlighting that attackers continue to choose human-centered tactics because they are fast, effective, and cost little to execute.

  • Industries Most Impacted by Social Engineering Attacks: Manufacturing (15%) topped the list, followed by professional/legal services (11%), wholesale/retail (10%), and financial services (10%).

In the Philippines, risks such as identity-related fraud, illegal access, and data interference remain prevalent. Many of these are enabled by human-centered tactics like phishing and scams, which the National Cybersecurity Plan (2023–2028) addresses through stronger emergency response teams, incident response protocols, and nationwide cyber awareness programs.

“The biggest vulnerability in cybersecurity is not only about the technology; it is also about the exploitation of trust. Attackers are now using AI to scale deception, taking advantage of gaps in identity management and human interactions. The message is clear: Organizations must build resilience that protects not only their systems, but their people and processes too. The progress we’re seeing is encouraging, but staying ahead of these human-focused threats requires a collective effort,” said Philippa Cogswell, Vice President and Managing Partner, Unit 42, Asia-Pacific & Japan, Palo Alto Networks.

The report underscores that defending against social engineering requires a shift from relying on awareness alone to building systemic resilience, and recommends that organizations:
  • Strengthen identity security: Detect abnormal logins, multi-factor authentication (MFA) abuse, and credential misuse early with identity-based analytics and Identity Threat Detection and Response (ITDR) capabilities.

  • Adopt Zero Trust access: Enforce least privilege, apply conditional access policies, and segment networks to contain intrusions under a comprehensive Zero Trust security model.

  • Secure human workflows: Protect help desks and identity recovery processes with stronger verification, and train frontline staff to recognize impersonation, pretexting, and voice-based scams.

  • Expand visibility beyond email: Monitor browsers, Domain Name System (DNS) activity, and collaboration platforms to stop fake prompts, SEO poisoning, and malicious links before they spread.

To download the full report, please visit: https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-report-social-engineering-edition/