Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

New Mimecast Report Detects 400% Increase in Impersonation Attacks

June 2017 by Mimecast

Mimecast Limited announced the most
recent quarterly release of the Mimecast Email Security Risk Assessment (ESRA), a
test which measures the effectiveness of email security systems currently in use by
thousands of organizations globally.

In its second quarterly assessment, Mimecast
found that both known and unknown attacks, as well as spam, are continuing to get
through incumbent email security systems. In addition and of particular concern, are
emails that contain no malware, and instead rely on duping recipients into
responding to a request that usually involves sending the attacker money or highly
monetizable data. These points were addressed in a January 2017 commissioned
Forrester Consulting study titled, Closing the Cloud Security Email
Gap
,
which recommended that organizations engage with a trusted third-party security
vendor to more effectively close the gap with their email security.

In comparison to the data initially reported in the February 2017 ESRA, the number
of impersonation attacks detected this quarter rose more than 400 percent quarter
over quarter. Impersonation attacks consist of social engineering heavy emails that
attempt to impersonate a trusted party such as a C-level executive, employee or
business partner. This simple method of attack is being exploited at an alarming
rate as it can be used to dupe recipients into initiating wire-transfers and sending
back other sensitive data leading to significant financial loss - as evidenced by
widely publicized recent attacks. In fact, a public service
announcement
issued by the Federal
Bureau of Investigation (FBI) stated that between October 2013 and December 2016
business email compromise scams resulted in a total loss of more than $5.3 billion
US dollars. Between January 2015 and December 2016 alone, there was a 2,370%
increase in identified exposed losses.

This latest ESRA reflects findings from inspecting the inbound email for more than
44,000 users over a cumulative 287 days received by participating organizations. In
aggregate to date more than 40 million emails have been inspected by Mimecast, all
of which had already passed through the incumbent email security vendor or cloud
email service in use by each organization. The ESRA test uncovered almost 9 million
pieces of spam, 8,318 dangerous file types, 1,669 known and 487 unknown malware
attachments and 8,605 impersonation attacks. The data reinforces the concerning
reality that the industry must work towards a higher standard of email security, as
90 percent of attacks start with email. In general, organizations everywhere are
struggling with prolific ransomware attacks, like
Locky.

"Cybercriminals are constantly adapting their attack methods. For instance, this
latest ESRA analysis reflects how impersonation attacks are getting through existing
email security defenses at an alarming rate. If a CISO isn’t reviewing its current
email security solution on a 12-18 month basis, they may be surprised at what
threats are now getting into employees’ inboxes," said Ed Jennings, chief operating
officer at Mimecast. "At the same time, email security providers need to ensure
they’re doing their due diligence to protect customers from new attacks, whether
they be advanced or simple. The Mimecast ESRA results show a clear need for the
security industry to come together in the fight against email-borne threats."


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts