Mimecast Limited is a leading email and data security company who launched its first threat intelligence report today. The report provides a technical analysis of emerging threats identified as attempts to get through the security environment of Mimecast customers. Within the contents of the report are tactics and techniques of emerging threats, active threat campaigns, threat categories and top targeted sectors. Attackers either use a simple and opportunistic method or a more complex and targeted method based on the necessity to impact the target.
It covers the period between April and June 2019, and leverages the processing of nearly 160 billion emails, 67 billion of which were rejected for displaying highly malicious attack techniques. A significant increase in impersonation attacks was observed and interestingly, the report cites that threat actors are adapting how they engage their victims, initiating by email and then shifting to SMS, a less secure communications channel.
On the other hand, complex targeted attacks often involved obfuscation, layering and bundling of malware. These type of attacks familizarised themselves with their target's security environment and then implemented multiple evasion techniques to avoid detection.
Microsoft Excel was one of the most popular file types used to distribute malicious activity, as more than 40% of threats detected were using files associated with it. File types associated with Microsoft Word were seen in nearly 15% of threats. Other key findings of the report included that threat actors are becoming more organized and business-like to deliver malware in an effort to improve their return-on-investments and that spam is heavily used by them as a conduit to distribute malware. Professional education was the most targeted sector for spam, seen as a prime target due to constantly changing student populations that are not likely to have high security awareness.