www.proofpoint.com
2a02:e980:107::cf  Public Scan

URL: https://www.proofpoint.com/us/blog/threat-insight/small-and-medium-business-APT-phishing-landscape-in-2023
Submission: On May 25 via api from TR — Scanned from DE

Text Content

ACCOUNT COMPROMISE, FINANCIAL THEFT, AND SUPPLY CHAIN ATTACKS: ANALYZING THE
SMALL AND MEDIUM BUSINESS APT PHISHING LANDSCAPE IN 2023

May 24, 2023 Michael Raggi and the Proofpoint Threat Research Team


KEY TAKEAWAYS

 * Small and medium-sized businesses (SMBs) are increasingly being targeted by
   advanced persistent threat (APT) actors globally.
 * Proofpoint researchers have identified three main trends of attacks targeting
   SMBs between 2022 and 2023, including the use of compromised SMB
   infrastructure in phishing campaigns; regional SMB targeting by state-aligned
   actors for financial theft; and vulnerable regional managed services
   providers (regional MSPs) being targeted via phishing and thereby introducing
   the threat of SMB supply chain attacks. Regional MSPs are small to midsize
   MSPs that service customers in a concentrated geographic area.


OVERVIEW

Proofpoint researchers conducted a retroactive analysis of small and medium
businesses (SMBs) targeted by advanced persistent threat (APT) actors from Q1
2022 through Q1 2023. By leveraging Proofpoint Essentials telemetry, which
encompasses more than 200,000 small and medium business organizations,
researchers were able to identify key trends in the APT landscape that pose
unique threats to SMBs globally. By examining this data, our researchers
identified several APT actors specifically targeting SMBs, including threat
actors aligned with Russian, Iranian, and North Korean state interests. This
research seeks to highlight the threats facing SMBs today from apex-level APT
actors and provide the SMB community with use cases of such targeting over the
past year.


UNDERSTANDING THE THREAT LANDSCAPE

Many organizations attempting to secure their network often focus on business
email compromise (BEC), cybercriminal actors, ransomware, and commodity malware
families that are commonly encountered in the emails received daily by millions
of users worldwide. Less common, however, is a widespread understanding of
advanced persistent threat actors and the targeted phishing campaigns they
conduct. These skilled threat actors are well-funded entities associated with a
particular strategic mission that can include espionage, intellectual property
theft, destructive attacks, state-sponsored financial theft, and disinformation
campaigns. While rarer and often much more targeted than cybercrime
activity, Proofpoint data indicates that APT actors remain interested in SMB
targets that align with their broader mandates as indicated above. This means
that some of the most formidable cyber threat actors in the landscape maintain
an interest in targeting businesses that are commonly under-protected against
cyber security threats such as phishing campaigns.


EMERGING APT TRENDS IMPACTING SMBS IN THE CYBER THREAT LANDSCAPE

By examining a year’s worth of APT campaign data, Proofpoint researchers have
identified APT actors from Russia, Iran, and North Korea targeting SMBs with
phishing campaigns. These campaigns highlight three pertinent trends in the
types of attacks and tactics being used against SMBs.

 * APT actors using compromised SMB infrastructure in phishing campaigns
 * APT actors engaging in targeted, state-aligned, financially motivated attacks
   against SMB financial services
 * APT actors targeting SMBs to initiate supply chain attacks


SMBS USED FOR COMPROMISED INFRASTRUCTURE IN THREAT ACTOR CAMPAIGNS

Proofpoint researchers observed more instances of impersonation or compromise of
an SMB domain or email address over the past year. These occurrences often
involved a threat actor successfully compromising an SMB web server or email
account. These compromises may have been achieved through credential harvesting,
or, in the case of a web server, through unpatched vulnerability exploitation.
Once compromise was achieved, the email address was then used to send a
malicious email to subsequent targets. If an actor compromised a web server
hosting a domain, the threat actor then abused that legitimate infrastructure to
host or deliver malware to a third-party target.

Proofpoint researchers recently identified a prominent example of compromised
SMB infrastructure being utilized by the APT actor TA473 (referred to in
open-source intelligence as Winter Vivern) in phishing campaigns from November
2022 through February 2023. These campaigns targeted US and European government
entities. In March 2023, Proofpoint published details about how TA473 sent
emails from compromised email addresses. In several instances, these emails
originated from WordPress-hosted domains that may have been unpatched or
insecure at the time of compromise. Additionally, unpatched Zimbra web mail
servers have been exploited to compromise email accounts of government entities.
In addition to sending emails via compromised SMB infrastructure, TA473 has also
utilized compromised small and medium business domains to deliver malware
payloads. Notably, this actor has compromised the domains of a Nepal-based
artisanal clothing manufacturer and an orthopedist based in the US tri-state
area to deliver malware via phishing campaigns.


Figure 1. TA473 cross-site request forgery infection diagram.

From January through March 2023, Proofpoint researchers observed regular
impersonation of a medium-sized business based in Saudi Arabia within the
auto-manufacturing sector as part of a phishing campaign. This credential
harvesting phishing campaign, which targeted private email addresses in the
United States and Ukraine, is attributable to TA422 (publicly known as APT28).
This campaign represents ongoing targeting of Ukrainian entities by Russian
GRU-related organizations, but interestingly spoofs an entity within the Middle
East to target entities based in the US and Europe. The threat actor included
the spoofed address within the “MailTo” field of the email header, likely to
augment social engineering efforts to appear as the impersonated entity.
However, this impersonation via the “MailTo” field has the practical outcome of
returning undelivered emails to the legitimate domain being impersonated by the
threat actor. Therefore, the unintentional side effect of rejected emails
provided Proofpoint researchers visibility into the credential harvesting pages
of TA422 that leveraged the following subdomains to host credential phishing
pages: 42web[.]io and frge[.]io.
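
The same bounce visibility is available to the impersonated business itself. The following is an added example, not Proofpoint's tooling or part of the original post: it triages a non-delivery report returned to a domain, checks whether the wrapped message really left that domain's own relays, and defangs any URLs it carried. The domain, relay IP set, and sample bounce are constructed placeholders, and it assumes the rejecting mail server attached the full original message.

```python
import email
import re
from email import policy
from email.utils import getaddresses

URL_RE = re.compile(r"https?://[^\s<>\"']+")
IP_RE = re.compile(r"\[([0-9A-Fa-f.:]+)\]")

# Constructed, trimmed bounce: every host, address and URL is a placeholder.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: sales@smb.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; user@recipient.example
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

Return-Path: <sales@smb.example>
Received: from host.invalid (host.invalid [192.0.2.10]) by mx.recipient.example
From: SMB Sales <sales@smb.example>

Sign in at https://login.portal.example/verify to continue.
--b1--
"""

def triage_bounce(raw, our_domain, our_relay_ips):
    """Flag a bounce whose wrapped mail claims our domain but left from another IP."""
    msg = email.message_from_string(raw, policy=policy.default)
    wrapped = [p for p in msg.walk() if p.get_content_type() == "message/rfc822"]
    if msg.get_content_type() != "multipart/report" or not wrapped:
        return None
    inner = wrapped[0].get_payload(0)
    addrs = getaddresses([str(inner.get("Return-Path", "")), str(inner.get("From", ""))])
    claims_us = any(a.rpartition("@")[2].lower() == our_domain for _, a in addrs)
    # The topmost Received line is written by the rejecting MX, not by the sender.
    hit = IP_RE.search(str(inner.get("Received", "")))
    origin_ip = hit.group(1) if hit else None
    body = inner.get_body(preferencelist=("plain",))
    urls = URL_RE.findall(body.get_content()) if body else []
    defanged = [u.replace("http", "hxxp", 1).replace(".", "[.]") for u in urls]
    return {"spoofed": claims_us and origin_ip not in our_relay_ips,
            "origin_ip": origin_ip, "urls": defanged}
```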

Lastly, our researchers observed a prominent case of APT impersonation in May
2022 when TA499 (also known as Vovan and Lexus, which are personas selected by
the threat actors), a Russia-based and state-encouraged actor who solicits
politically themed video conference calls from prominent pro-Ukraine figures,
targeted a medium-sized business that represents major celebrity talent in the
United States. TA499 sought to entice a major American celebrity into a video
conference call about the conflict in Ukraine by impersonating Ukrainian
President Volodymyr Zelensky. Proofpoint was able to attribute this campaign to
TA499 based on a series of actor-controlled email addresses and domains that the
group used consistently throughout 2022. More details on TA499 and its activity
can be found in our recently published blog about the threat actor.



Figure 2. Timeline of TA499 activity in 2022.


AN APT WOULD LIKE TO MAKE A WITHDRAWAL – SMBS TARGETED BY STATE-ALIGNED
FINANCIAL THEFT 

Apart from espionage, intellectual property theft, and destructive attacks,
financially motivated attacks by state-aligned threat actors remain a persistent
threat for the financial services sector. APT actors aligned with North Korea
have in past years targeted financial services institutions, decentralized
finance, and blockchain technology with the goal of stealing funds and
cryptocurrency. These funds are largely utilized to finance different aspects of
North Korea’s governmental operations. In December 2022, Proofpoint observed a
medium-sized digital banking institution in the United States receive a phishing
campaign from the North Korea-aligned TA444. The email used a sender
address that impersonated ABF Capital to deliver a malicious URL that prompted
an infection chain leading to the delivery of the CageyChameleon malware.
Proofpoint recently published details on TA444 and its upstart mentality in the
latter half of 2022.



Figure 3. Example TA444 email lure using salary adjustment themes.


REGIONAL MANAGED SERVICE PROVIDERS INCREASINGLY TARGETED BY PHISHING IN APT
SUPPLY CHAIN ATTACKS 

The final emergent trend observed between 2022 and 2023 is the increased level
of APT targeting of vulnerable regional managed service providers (MSPs) as a
means of initiating supply chain attacks. Regional MSPs often protect hundreds
of SMBs that are local to their geography, and a number of these maintain limited
and often non-enterprise-grade cyber security defenses. APT actors appear to
have noticed this disparity between the levels of defense provided and the
potential opportunities to gain access to desirable end user environments.
Accordingly, Proofpoint has observed instances of regional MSPs being targeted
in phishing campaigns within geographies that align with the strategic
collection requirements of APT actors.

In mid-January 2023, Proofpoint researchers observed TA450—publicly known as
Muddywater and attributed to Iran’s Ministry of Intelligence and
Security—targeting two Israeli regional MSPs and IT support businesses via a
phishing email campaign. These emails originated from a compromised email
address at an Israeli medium-sized financial services business and included a
URL for the cloud hosting provider OneHub. If clicked, this URL delivered a Zip
archive that contained a legitimate installer executable file for the remote
administration tool Syncro. While Syncro is a legitimate remote administration
tool used in businesses, in this context, once installed on the target host,
threat actors would be able to utilize the remote administration tool like a
remote access trojan and conduct additional intrusion activities, likely through
both native tools and proprietary malware. 

The targeting of regional MSPs within Israel aligns with TA450’s historic
geographic target set. Further, this recent campaign indicates TA450 maintains an
interest in targeting regional technology providers to gain access to downstream
SMB users via supply chain attacks originating against vulnerable regional MSPs.



Figure 4. Example TA450 Syncro infection chain circa January 2023.


CONCLUSION

An increasingly complex APT phishing landscape, at a glance, indicates that
threat actors are avidly looking to target vulnerable SMBs and regional MSPs as
part of their state-aligned collections requirements. Proofpoint data over the
past year indicates that several nations and well-known APT threat actors are
focusing on small and medium businesses alongside governments, militaries, and
major corporate entities. Through the compromise of small and medium business
infrastructure for use against secondary targets, state-aligned financial theft,
and regional MSP supply chain attacks, APT actors pose a tangible risk to SMBs
operating today. This research supports business proprietors and regional MSP
efforts to acquire agile email phishing protection like Proofpoint Essentials,
which has an eye towards detecting targeted attacks as well as preventing spam
and discarding high-volume threats from cybercrime actors.
