Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Email Security

Email Impersonation Attacks Increase by 80%

The latest ESRA report from Mimecast indicates just why email attacks are so loved by cybercriminals, and why organizations need to take email security more seriously.

The latest ESRA report from Mimecast indicates just why email attacks are so loved by cybercriminals, and why organizations need to take email security more seriously.

ESRA is Mimecast’s ongoing Email Security Risk Assessment quarterly analysis. Working with 37 organizations across 20 different industries, Mimecast compares the email threats it detects to those detected by the organizations’ incumbent email security technologies. The results provide two major sets of statistics: the volume of threats that go undetected by the incumbent technologies; and the sheer size of the email threat.

The latest report (PDF) covers more than 142 million emails received by almost 261,924 users. The incumbent email security was Office 365 and Proofpoint.

ESRA’s analysis shows that a total of more than 19 million spam emails; 13,176 emails containing dangerous file types; and 15,656 malware attachments were missed by the incumbent security and delivered to users’ inboxes. It also discovered 203,000 malicious links within just over 10 million emails that were delivered to inboxes — a ratio of around one unstopped malicious link in every fifty inspected emails.

This doesn’t mean that the bad emails were effective, only that they were delivered to their destination. Other security controls might detect malware and inhibit users from clicking on malicious links — but it does imply that these additional controls need to be 100% effective against threats that could have been blocked before delivery.

One figure that stands out in the analysis is an increase of 80% in impersonation attacks over the last quarter’s analysis. Mimecast detected 41,605 cases that had been missed by the organizations’ existing controls.

“Targeted malware, heavily socially-engineered impersonation attacks, and phishing threats are still reaching employee inboxes. This leaves organizations at risk of a data breach and financial loss,” said Matthew Gardiner, cybersecurity strategist at Mimecast. “Our latest quarterly analysis saw a continued attacker focus on impersonation attacks quarter-on-quarter. These are difficult attacks to identify without specialized security capabilities, and this testing shows that commonly used systems aren’t doing a good job catching them.”

Mimecast was founded in 2003 by Neil Murray (CTO) and Peter Bauer (CEO). It went public in 2015, and its share price has risen steadily from an initial $10 to its current value at just over $41. During 2018 it has acquired both Solebit (a threat detection firm) and Ataata (a security training firm).

Advertisement. Scroll to continue reading.

Related: The Disconnect Between Understanding Email Threats and Preventing Them 

Related: State of Email Security: What Can Stop Email Threats? 

Related: Preventing Business Email Compromise Requires a Human Touch 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights