Impersonation attacks in alarming rise: Mimecast

Mimecast ESRA Report reveals cybercriminals switching to impersonation attacks to bypass email security systems
Cybercriminals realise traditional email security services remain ineffective against impersonation attacks.

Impersonation attacks, which rely on duping recipients into sending the attacker money or highly monetisable data, rose almost 50% quarter over quarter in Q3 2017, Mimecast has said.

Most organisations are more concerned about malware as the main risk to their email-related security posture, but could be ignoring impersonation attacks, which are on the rise, the email and data security company said.

According to the Mimecast ESRA report, emails with malware attachments or dangerous file types, combined, only increased about 15%. Missed impersonation attacks, on the other hand, were seen to occur more than 7 times as often as missed email-borne malware.

Ed Jennings, chief operating officer at Mimecast, said impersonation attacks are an easy and effective way to dupe unsuspecting victims by gaining trust through a combination of social engineering and technical means. “This latest ESRA report reveals that many email security providers are leaving organisations very vulnerable to these often hard-to-detect impersonation attacks. Cybercriminals know that many traditional email security services are improving their ability to stop email-borne malware, but remain ineffective against impersonation attacks,” Jennings added.

The results highlight the continued challenge of securing organisations from malicious attachments and spam – but most alarming was the number of malwareless impersonation attacks incumbent email security solutions are unable to stop. These findings follow a recent PhishMe study that found approximately two thirds of IT executives surveyed had dealt with a security incident originating from a deceptive email.

The latest ESRA reflects findings from inspecting the actual inbound email received by almost 100,000 users over a cumulative 631 days. These organisations used a variety of common email security systems. More than 55 million emails to date have been inspected as part of the Mimecast ESRA program, all of which had passed through the organisation’s incumbent email security vendor.

Completed ESRA assessments have found more than 12,400,000 pieces of spam, 9,055 emails containing dangerous file types, 1,844 known and 691 unknown emails with malware attachments, and 18,971 impersonation attacks missed by incumbent providers and delivered to users’ inboxes. 

The ESRA testing program measures the effectiveness of existing email security systems in regular use by tens of thousands of organisations globally.
