New Threat Intelligence Report Provides Insights into Email-Based Malware Attacks

A new report has been released that contains an analysis of the most common malware threats that are delivered via email, the most targeted industry sectors, and some of the tactics and techniques cybercriminals are using to infiltrate business networks.

For its Threat Intelligence Report: Black Hat Edition 2019, Mimecast analyzed more than 67 billion emails that its email security solution rejected from more than 160 billion messages sent to its customers. The data from the report was collected between April and June 2019.

Over the study period, Mimecast noticed a significant uptick in email impersonation attacks. Those emails used standard social engineering techniques to fool end users into opening attachments and clicking links. The campaigns were conducted by cybercriminals for fast and easy financial gain. While these attacks were not highly sophisticated, they are effective. That is why it is so important to ensure that an email security solution is implemented to prevent these threats from reaching end users’ inboxes and that security awareness training is provided to employees to help them identify these threats.

More complex attack methods were also detected. They involved a variety of techniques to hide malicious activity. High levels of obfuscation were detected in many malware variants, and it is now increasingly common for layering and bundling of malware to occur. Different malware variants are used in different stages of the attacks. The more sophisticated attacks involve first assessing the security capabilities of an organization before conducting attacks that incorporate a variety of evasion techniques to bypass an organization’s security.

An emerging tactic identified by the researchers is for cybercriminals to initially target individuals by email, before switching over to SMS. SMS is less secure, which makes it much easier to compromise devices.

The majority of opportunistic malware attacks involved Trojans, which accounted for 71% of all opportunistic malware attacks. Emotet one of the most prevalent Trojan threats, although a wide variety of malware variants were detected. Other highly prevalent malware strains detected between April and June included Necurs, Adwin, and Gandcrab ransomware.

While malware is often delivered via malicious websites linked in phishing emails, spam is still the main method of malware delivery. More than 40% of email campaigns that spread malware used files associated with Excel. Only 15% of files associated with Microsoft Word were used to spread malware in the period of study.

Mimecast also found that threat actors are now much more business-like and are developing slick subscription and as-a-service business models to increase their return on investment. The most targeted sector was professional education. Mimecast reasons that this is due to constantly changing student populations and a relatively low level of security awareness.

While impersonation attacks are conducted on all industry sectors, 30% of attacks targeted management and consulting and biotechnology firms.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of