New Threat Intelligence Report Analyses Rejected Emails: Mimecast

Mimecast has announced the availability of the Mimecast Threat Intelligence Report: RSA Conference Edition. The report is designed to provide technical analysis from Mimecast threat researchers on major campaigns carried out by threat actors, trends that are emerging from these attacks, and an assessment of likely future trends given threat actors’ current behaviour, events and technology.

The report uncovers the resurgence of Emotet as well as a combination of simplistic, low effort and low-cost attacks, and highly complex, targeted campaigns. Additionally, Mimecast has also launched the Threat Intelligence Hub to house specific threat intelligence insights, reports and vulnerability discoveries from the Mimecast Threat Intelligence Research Team.

The Mimecast Threat Intelligence Report: RSA Conference Edition provides analysis of 202 billion emails processed by Mimecast for its customers during the period from October through December 2019, 92 billion of which were rejected. The team discovered and examined four main categories of attack types throughout the report: spam, impersonation, opportunistic and targeted. Compared to previous quarters, Mimecast researchers noted a marked difference in the more significant attacks conducted: the attacks targeted a wider range of companies across various sectors and for shorter periods of time than in previous quarters. The one sector that was particularly targeted this quarter was the retail industry, accounting for almost a third of the most significant campaign activity conducted by threat actors globally. However, given the holiday gift-giving season from October to December, some of this increase was to be expected.

The most prominent observation of this quarter’s research was the widespread global deployment of the Emotet “dropper” banking malware, which had been seemingly inactive the previous four months. There were 61 significant campaigns identified, marking a 145 percent increase over last quarter despite fewer emails being analysed during the period.  Emotet was a key driver in this spike, as the banking trojan/malware was a component in almost every attack identified.  This massive increase in activity is highly likely to be an indication of threat actors refocusing their efforts from impersonation to exploiting the current effectiveness of ransomware.

“It’s no surprise that threat actors are using a combination of simplistic and sophisticated attacks to gain access to organisations. That’s also likely why we saw such a huge spike in the recently dormant Emotet campaign – they’re attempting to gain as much attack space as possible to land other sophisticated attacks or hold organisations hostage,” said Josh Douglas, VP of threat intelligence at Mimecast.  “These reports offer organisations a global view on how threats are evolving so they can make informed decisions on how to best strengthen their cyber resilience posture.”