Cybercriminals Increasingly Targeting Employees by Impersonating Businesses

At the Black Hat Europe Conference in London, Mimecast announced the findings of its latest analysis of Email Security Risk Assessment (ESRA) test results. The ESRA tests are conducted on thousands of businesses to assess their current security solutions and how effective those solutions are at blocking email-based threats such as phishing attacks and malware- and ransomware-laced emails.

While businesses have email gateway security solutions in place, all too often Mimecast’s ESRA tests show that they are not particularly effective at blocking email threats. Many messages are slipping past perimeter defenses.

The latest assessments have shown that malware-laced emails are still being delivered to inboxes. The assessments revealed a 15% increase in messages containing malware or dangerous file types. However, a much bigger problem is impersonation attacks. These attacks, which come under the broad banner of phishing, are attempts by cybercriminals to fool end users into wiring money to attacker-controlled accounts or into disclosing login credentials that give access to business networks.

These attacks are highly effective. The messages appear to be genuine email communications from businesses, contacts, and suppliers. They use the same language, company logos, and color schemes, and they can be virtually indistinguishable from genuine email communications.

These types of messages can be difficult for security teams to detect, as they include no malicious email attachments or dangerous file types. Instead, the messages use social engineering techniques to fool end users into taking specific actions. These impersonation attacks increased by 50% quarter over quarter, and the messages were seven times as likely to be missed by incumbent email security solutions.

The findings of Mimecast’s study mirror those of a study conducted by the security awareness and anti-phishing solution provider PhishMe. The PhishMe study revealed that two-thirds of IT executives have had to deal with a security incident that was caused by a deceptive email such as an impersonation attack. The company’s research also shows that more than 91% of all cyberattacks start with a phishing email.

For its report, Mimecast analyzed emails sent to more than 100,000 end users over a period of 631 days, covering more than 55 million messages. Among them, 12.4 million spam emails were detected, along with 9,055 emails with dangerous file attachments, 1,844 emails with attachments containing known malware, 691 emails containing unknown malware, and 18,971 email impersonation attacks. All of those had bypassed organizations’ perimeter defenses.

“Impersonation attacks are an easy and effective way to dupe unsuspecting victims by gaining trust through a combination of social engineering and technical means,” said Ed Jennings, chief operating officer at Mimecast. “Cybercriminals know that many traditional email security services are improving their ability to stop email-borne malware but remain ineffective against impersonation attacks.”

Author: NetSec Editor