Mimecast Limited (NASDAQ: MIME), a leading e-mail and data security company, on February 26, 2020 declared the availability of the Mimecast Threat Intelligence Report: RSA Conference Edition. The report is designed to provide technical analysis from Mimecast threat researchers on most important campaigns carried out by threat actors, trends that are emerging from these attacks, and an assessment of likely future trends given threat actors present day behavior, events and technology. The report uncovers the resurgence of Emotet as well as a mixture of simplistic, low effort and inexpensive attacks, and highly complex, targeted campaigns. Additionally, Mimecast has launched the Mimecast Threat Intelligence Hub to house specific threat intelligence insights, reports and vulnerability discoveries from the Mimecast Threat Intelligence Research Team.

The Mimecast Threat Intelligence Report: RSA Conference Edition gives analysis of 202 billion emails processed by Mimecast for its clients throughout the period from October to December 2019, 92 billion of which have been rejected. The crew found and examined 4 primary categories of attack types all through the report: spam, impersonation, opportunistic and targeted. Compared to previous quarters, Mimecast researchers noted a marked difference in the more substantial attacks conducted: the attacks focused a wider range of organizations throughout a number of sectors and for shorter periods of time than in previous quarters. The one sector that was especially focused this quarter was the retail industry, accounting for nearly a third of the most significant campaign activity carried out by threat actors globally. However, given the holiday gift-giving season from October to December, some of this increase was to be expected.

The most outstanding observation of this quarters research was the massive international deployment of the Emotet dropper banking malware, which had been seemingly inactive the past four months. There were 61 significant campaigns identified, marking a 145 percent increase over final quarter regardless of fewer emails being analysed throughout the period. Emotet was a key driver in this spike, as the banking trojan/malware was a element in nearly each and every attack identified. This huge extend in activity is quite likely to be an indication of threat actors refocusing their efforts from impersonation to exploiting the present day effectiveness of ransomware.

Its no shock that threat actors are using a mixture of simplistic and state-of-the-art attacks to get access to organizations. Thats also likely why we saw such a large spike in the currently dormant Emotet campaign theyre trying to gain as much attack space as possible to land other state-of-the-art attacks or keep organizations hostage, stated Josh Douglas, vice president of threat intelligence at Mimecast. These reviews provide organizations a world view on how threats are evolving so they can make informed choices on how to best give a boost to their cyber resilience posture.

Additional key findings outlined in the report:

The transportation, storage and delivery and retail and wholesale sectors have been disproportionately attacked this previous quarter due to the holiday season.
Emotet has been utilized far more significantly and has been seen in widespread campaigns towards all sectors of the world economy. This discovery demonstrates a level of sophistication that goes beyond an opportunistic cybercriminal. In addition, due to the variety of businesses attacked, its quite likely the attacks continue to be carried out by quite organized criminal organizations for economic gain.
File compression persisted to be an attack format of choice, but Emotet activity by DOC and DOCX formats significantly increased.
Although the number of impersonation attacks is slightly fewer, they remain a key attack vector. Impersonation attacks now consist of a range of voice messaging and a typically less coercive form of communication, which provides as a more nuanced and persuasive threat.
Relying on human error for success, bulk emailing remained a significant, high volume means to distribute malware. This trend will continue as its a powerful threat vector that can be deployed in massive volumes, increasing the chances of success for threat actors.
Read the latest Mimecast Threat Intelligence Report and visit Mimecasts New Threat Intelligence Hub.