Mimecast report: Email Social Engineering Attacks Up 80%
Mimecast, an email security firm, recently announced the results of its quarterly Email Security Risk Assessment (ESRA) report, which shows an 80% rise in phishing that relies on impersonation. A year after the devastation caused by WannaCry ransomware and the wider spread of cryptojacking malware, cybercriminals still depend heavily on social engineering. Profit is not the only motivation: data harvested from compromised systems can be reused in far more damaging attacks against large businesses and state targets.
According to the report, roughly one in every 50 emails in the sample carried a malicious link: 203,000 malicious links were found in the 10,072,682 emails inspected. Social engineering attacks based on impersonation rose by about 80% compared with the previous quarter. The study also highlights that spam remains a problem to reckon with, with 19,086,877 junk emails recorded by Mimecast this quarter.
Matthew Gardiner, Mimecast’s Cybersecurity Strategist explained: “Targeted malware, heavily socially-engineered impersonation attacks, and phishing threats are still reaching employee inboxes. This leaves organizations at risk of a data breach and financial loss. Our latest quarterly analysis saw a continued attacker focus on impersonation attacks quarter-on-quarter. These are difficult attacks to identify without specialized security capabilities, and this testing shows that commonly used systems aren’t doing a good job catching them. The SE Labs report highlights the need for multiple layers of protection to increase security efficacy and to address the rise of more advanced email attacks.”
One nasty reality unveiled in the report is that 15,656 malicious attachments passed straight through the organizations' existing security controls and landed in users' mailboxes. Phishing attacks have long-term consequences: victims end up with their personally identifiable information leaked to unknown parties. The danger of identity theft is very real and has caused victims psychological and emotional stress, on top of the risk of losing money and reputation.
Large phishing attacks are nothing new. Just last July, 1.4 million patient records were stolen from UnityPoint Health, and a few weeks ago Legacy Health fell victim to phishing, with 38,000 hospital records stolen. To reduce the chance of falling for phishing, organizations need to change how they operate, starting with regular penetration testing of their networks and systems, including social engineering assessments that measure how staff actually respond to simulated phishing emails. Most companies see penetration testing as a luxury that can be skipped, but a well-run engagement finds the weaknesses an attacker would exploit before a real breach does. Penetration testing must be seen as an investment in not getting hacked, phished or scammed, not as a cost that can be cut at any time.
After the penetration test, companies need to embrace a change of perspective and adopt the industry best practice of least privilege. The principle of least privilege means each account is granted only the access it needs to do its job, so that if an account is taken over by a third party, for example through a phishing email, the attacker's reach is limited to that small set of permissions rather than to the whole organization.
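The following script is an added illustration of the least privilege argument above; it is not code from Mimecast or from the report. It models a clerk's account under two constructed policies, one permissive and one scoped to the role's needs, and computes the "blast radius" an attacker would inherit after phishing that account. All account names, resources, roles and grants are constructed sample data.

```python
"""Least-privilege audit: compare the blast radius of a phished account under a
permissive policy versus a least-privilege policy.

Added illustration, not Mimecast's code or tooling. Account names, roles,
resources and permissions below are constructed sample data.
"""
from fnmatch import fnmatchcase

# Constructed inventory of sensitive resources an attacker would go after.
RESOURCES = [
    "mailbox:finance-shared",
    "mailbox:ceo",
    "fileshare:hr-records",
    "fileshare:patient-records",
    "db:billing",
    "admin:password-reset",
]

# Minimum permissions each role genuinely needs to do its job (constructed).
ROLE_NEEDS = {
    "accounts-clerk": {"mailbox:finance-shared:read", "db:billing:read"},
    "hr-analyst": {"fileshare:hr-records:read"},
}

# Two policy variants for the same clerk account. Grants are "resource:action"
# patterns; '*' is a wildcard, so "*:*" is the classic "everyone is admin" setup.
PERMISSIVE_POLICY = {"clerk-jdoe": {"*:*"}}
LEAST_PRIV_POLICY = {"clerk-jdoe": ROLE_NEEDS["accounts-clerk"]}

ACTIONS = ("read", "write")


def allowed(grants, resource, action):
    """True if any grant pattern matches 'resource:action'."""
    target = f"{resource}:{action}"
    return any(fnmatchcase(target, pattern) for pattern in grants)


def blast_radius(policy, account):
    """Every (resource, action) pair a takeover of `account` would expose."""
    grants = policy.get(account, set())
    return sorted(
        (res, act) for res in RESOURCES for act in ACTIONS if allowed(grants, res, act)
    )


def over_privileged(policy, account, role):
    """Reachable grants that exceed what the account's role actually needs."""
    needs = ROLE_NEEDS[role]
    reachable = {f"{res}:{act}" for res, act in blast_radius(policy, account)}
    return sorted(reachable - needs)


if __name__ == "__main__":
    for label, policy in (("permissive", PERMISSIVE_POLICY),
                          ("least-privilege", LEAST_PRIV_POLICY)):
        exposed = blast_radius(policy, "clerk-jdoe")
        print(f"{label}: a phished clerk-jdoe reaches {len(exposed)} resource/action pairs")
        for grant in over_privileged(policy, "clerk-jdoe", "accounts-clerk"):
            print("  excess grant:", grant)
```

Under the permissive policy the phished clerk can read and write every resource, including the password-reset function; under the least-privilege policy the same phish yields two read-only grants and nothing that lets the attacker move further. The `over_privileged` check is the audit a pentest report should leave behind: a list of grants to remove, per account, measured against what the role needs.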
Kevin Jones
Kevin Jones, Ph.D., is a research associate and cyber security author with experience in penetration testing, vulnerability assessments, monitoring solutions, surveillance and offensive technologies. He is currently a freelance writer covering the latest security news and other happenings. He has authored numerous articles and exploits, which can be found on popular sites such as hackercombat.com.