Mimecast blocked 99 billion suspicious emails in third quarter

Between July and September this year, inbox management and security specialist Mimecast processed more than 207 billion emails and rejected 99 billion of them for being suspicious, according to its latest quarterly threat intelligence report, which illustrated the scale of the threat from malicious emails and gave new insights into some of the more pernicious campaigns.

The report highlighted both some of the more sophisticated methods that threat actors are using to get inside target organisations, such as impersonation attacks, and some of the cheaper, low-volume spam campaigns, among others.

“Threat actors seek numerous ways into an organisation – from using sophisticated tactics, like voice phishing and domain spoofing, to simple attacks like spam,” said Josh Douglas, vice-president of threat intelligence at Mimecast.

“This quarter’s research found that the majority of threats were simple, sheer volume attacks. Easy to execute, but not as easy to protect against as it shines a very bright light on the role that human error could play in an organisation’s vulnerability.

“Organisations need to take a pervasive approach to email security – one that integrates the right security tools, allowing for greater visibility at, in and beyond the perimeter.”

Douglas added: “This approach also requires educating the last line of defence – employees. Coupling technology with a force of well-trained human eyes will help organisations strengthen their security postures to defend against both simple and sophisticated threats.”

Among the report’s key findings was an explosion in the number of impersonation attacks, where victims are tricked by an email purporting to be, for example, from a trusted or senior figure within their organisation, which were up 18%. Mimecast said this form of attack now also included voice phishing, in which malicious actors use social engineering to gain privileged access by leaving realistic-sounding messages on voicemail systems.

Such attacks tend to target industries that rely on relationship-building, such as the consultancy, property and legal sectors, with c-suite executives and those with privileged access to IT systems or funds being most at risk of being targeted.

Low-effort opportunistic attacks using well-known malware strains continued to show sustained levels during the observed period, with the transport and manufacturing industries particularly at risk.

Meanwhile, bulk spam email campaigns continued to be used extensively to deliver malware during the third quarter, with most payloads being directed at the IT industry – specifically at software-as-a-service (SaaS) specialists – as well as professional and legal services, finance and banking, and retail and wholesale.

A major uptick in spam volumes occurred in mid-September, coinciding with the re-emergence of the Emotet phishing trojan-turned-botnet. Spam attacks, which are cheap, unsophisticated and high volume, remain the predominant means of spreading malware, said Mimecast, and this is unlikely to change.

The supplier said it identified 19 significant malware campaigns between July and September, ranging from simple phishing campaigns to multi-vector campaigns swapping out different file types and attack vectors.

Looking ahead, Mimecast said most of the trends it observed during the quarter were likely to continue, with an emphasis on voicemail impersonation. As scanner efficacy is currently quite high, malicious attachment volumes will decline, which means threat actors will have to seek new means of attack, it said.

There will probably be more attacks against the transport, infrastructure and logistic sectors, many of them from state-sponsored groups seeking to degrade the supply capabilities of their rivals, said Mimecast, adding: “We can expect to see more attacks focusing on the maritime sector due to its strategic importance to global trade.”

In the slightly longer term, the growing scale of 5G networks will see more sophisticated malware threats beginning to emerge, and higher attack volumes, which will mainly be down to the increase in data packet size and network capacity enabled by the new standard, it said.

Mimecast set out three proactive steps any organisation can take to increase its security levels when it comes to email:

• Stress the importance of security controls and resilience in the face of continuously evolving threats, which could include exploring fallback capabilities around cloud and web-based email and data archiving to ensure business as usual if breached.
• Continue to patch systems and make this a higher priority, as well as keeping abreast of threats that might impact older, unsupported or obsolete parts of the IT stack.
• Increase user awareness and keep employees well informed about the threat landscape and how to minimise the risk to themselves.

The full report is available to download from Mimecast’s website.