“Nothing Is New” On How Businesses Desperately Fights Malicious Emails
Mimecast has released its newest Email Security Risk Assessment Quarterly Report (ESRA) for the first quarter of 2019, which can be summarized in one phrase: “nothing is new.” The overused theme of overconfidence by firms in their fight against malicious emails that penetrate organizations as spam and phishing messages. From their study, companies globally failed to block an estimated 232,010,981 potentially malicious or virus-ridden emails for the first quarter of 2019. Out of those emails, 23,872 contains attachments associated with files containing harmful coded instructions, while 26, 713 contains actual samples of active malware.
“Overall, the Mimecast security service determined that more than 25 million of the more than 232 million emails, or 11%, were in fact “bad” or “likely bad.” In other words, the overall false negative rate in aggregate for the incumbent security systems that have been tested were 11% of all emails inspected by Mimecast,” explained the ESRA Quarterly report.
The only good news is out of the 232 million samples analyzed by Mimecast, 99.6% of it was plain spam messages with the purpose of selling stuff through email. There is still a huge gap on how the email systems used by companies define what “dangerous file types” mean, these are files with filename extensions containing coded instructions for the computer to execute. Unfortunately, as per Mimecast, there are around 1,900 filename extensions that can host malware (due to their extensions are treated by Windows as having executable parts), but many email filters fail to recognize these extensions. 1,900 file name extensions that can be used by any malware authors to propagate their creations is a reality, not everyone using a computer is aware of, let alone capable of enumerating and/or identifying them all, that is the job of the email filter/security vendor.
“It is important to understand that missing more targeted and evasive malware when it is attached to an email is a particularly troubling false negative as the next and generally final layer of defense at the endpoint may also be unable to detect and block it. And at this point the malware has landed,” said the ESRA Quarterly report.
Malicious URLs are also the newest risks all email users face, with the growth of social media, it got intensified due to the mass use of URL shortening services. From the sample emails that Mimecast got for their study, 463,536 unique malicious URLs were detected. These links become an opened can of worms, especially if opened using an old version of whatever web browser the user has. Old versions of browsers contain security vulnerabilities that were already patched with a later version, causing the risk to graduate to real harm not only for the computer but also for the data it contains.
“That comes out to an average of 1 malicious URL getting through an organization’s email defenses for every 61 delivered emails. Given how many emails a typical organization gets in a day, that is a lot of malicious URLs waiting to be clicked in employees’ inboxes!,” said the ESRA Quarterly report.
The central idea of companies doing the same ‘solution’ for the ever-evolving problem does not cut it anymore. With the data provided by the ESRA report, the problem is here to stay if companies will not deal with the problem directly and depend heavily on their current email filtering solution. The choice is in the hands of firms, to use an outdated methodology for a continuously evolving foe is asking for trouble.
Julia Sowells824 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.