67b emails rejected due to 'highly malicious attack techniques'
Cybersecurity firm Mimecast analysed 160 billion emails sent between April and June 2019, and found that 60 billion (approximately 42%) of those were rejected because they displayed ‘highly malicious attack techniques’.
The Mimecast Threat Intelligence Report, which analysed data taken from 34,000 Mimecast customers around the world, revealed two vastly different attack trends. Attackers are using either simple, opportunistic attacks; or complex, targeted attacks based on necessity to impact the target.
There was also a significant increase in impersonation attacks that were leveraging well-known basic social engineering techniques to target individuals for fast and easy financial gain.
The report suggests that actors are adapting how they engage their targeted victims, initiating through email first, then shifting to SMS, which is a less secure communications channel according to Mimecast.
There is also a rising number of complex targeted attacks that use obfuscation, layering and bundling of malware.
Researchers found that threat actors using these types of attacks are getting to know their target’s security environment, then implementing multiple evasion techniques in efforts to avoid detection.
“The cyber threat landscape will continue to evolve as threat actors continue to look for new ways to bypass security channels to breach their targets,” comments Mimecast vice president of threat intelligence Josh Douglas.
“We’ve observed malware-centric campaigns becoming more sophisticated, often using different types of malware in different phases of an attack – yet, at the same time very simple attacks are also increasing significantly.”
The report also gives specific examples of emerging threats, active threat campaigns observed, primary threat categories and volume, and the top targeted sectors.
Popular malware campaigns incorporated Emotet, Adwin, Necurs, and Gandcrab malware.
Additionally, Microsoft Excel was one of the most popular file types used to distribute malicious threats, accounting for 40% of file associations. Microsoft Word files were associated with 15% of threats.
Other key findings from the report:
- Threat actors are becoming more organised and business-like by implementing subscription and as-a-service-based business models to deliver malware in an effort to reduce their work and improve their return-on-investments
- Spam is heavily used by threat actors as a conduit to distribute malware. Professional education was the most targeted sector for spam, as they are likely seen as a prime target due to constantly changing student populations that are not likely to have high security awareness and the potential for attackers to get access to personal data
- Attacks on management & consulting and biotechnology industries accounted for 30% of all impersonation attacks
- Trojans made up 71% of opportunistic attacks
“The mission of the Threat Intelligence Report is to help organisations better understand the global threat landscape, so they can make more informed decisions on how to strengthen their security posture,” Douglas concludes.