Email Impersonation Attacks Increase by 80% – Mimecast
The latest ESRA report from Mimecast indicates just why email attacks are so loved by cybercriminals, and why organizations need to take email security more seriously.
ESRA is Mimecast’s ongoing Email Security Risk Assessment quarterly analysis. Working with 37 organizations across 20 different industries, Mimecast compares the email threats it detects to those detected by the organizations’ incumbent email security technologies. The results provide two major sets of statistics: the volume of threats that go undetected by the incumbent technologies; and the sheer size of the email threat.
The latest report (PDF) covers more than 142 million emails received by almost 261,924 users. The incumbent email security was Office 365 and Proofpoint.
ESRA’s analysis shows that a total of more than 19 million spam emails; 13,176 emails containing dangerous file types; and 15,656 malware attachments were missed by the incumbent security and delivered to users’ inboxes. It also discovered 203,000 malicious links within just over 10 million emails that were delivered to inboxes — a ratio of around one unstopped malicious link in every fifty inspected emails.
This doesn’t mean that the bad emails were effective, only that they were delivered to their destination. Other security controls might detect malware and inhibit users from clicking on malicious links — but it does imply that these additional controls need to be 100% effective against threats that could have been blocked before delivery.
One figure that stands out in the analysis is an increase of 80% in impersonation attacks over the last quarter’s analysis. Mimecast detected 41,605 cases that had been missed by the organizations’ existing controls.
“Targeted malware, heavily socially-engineered impersonation attacks, and phishing threats are still reaching employee inboxes. This leaves organizations at risk of a data breach and financial loss,” said Matthew Gardiner, cybersecurity strategist at Mimecast. “Our latest quarterly analysis saw a continued attacker focus on impersonation attacks quarter-on-quarter. These are difficult attacks to identify without specialized security capabilities, and this testing shows that commonly used systems aren’t doing a good job catching them.”