Mimecast’s Q3 2023 threat intelligence taken from analysis of more than a billion emails per day on behalf of more than 42,000 customers, as well as external intelligence from the cyber community at large. Because email is the channel through which most cyber threats launch, Mimecast sees many new threats before they become widely known.
Mimecast’s Q3 Threat Intelligence report reveals:
• The number of impersonation attempts and malicious links sent to each user increased by double digits — 12% and 22% respectively. Impersonation attacks have become more sophisticated and opportunistic.
• Impersonation attacks are a key tactic of state-linked groups seeking to establish initial access into targeted networks, and the cyber component of Russia’s invasion of Ukraine likely contributed to the increase in impersonation attacks.
• Medium-sized companies specifically have seen an uptick in threats per user in the third quarter, as attackers see mid-sized companies as a profitable combination of vulnerability and potential cash value.
• Several cybercriminal groups made notable strategic shifts in the quarter.
• Ransomware group CI0p used the previously undisclosed threat of the MOVEit managed file-transfer platform to compromise hundreds of businesses. With many of the victims providing services to client organisations, the impact of data breaches led to more than 2,300 organisations being affected.
• Human resource firms, information technology software and services, and financial services (especially banking)
• The vast majority (76%) of security teams at organizations worldwide expect to have an attack with serious consequences using email as a vector.
• Attackers are moving faster than platforms. The Known Exploited Vulnerabilities (KEV) Catalog, for example, documents which vulnerabilities attackers have already exploited, with 188 vulnerabilities from 2021, 120 from 2022, and 78 from 2023 exploited by attackers to date. Only a handful of vulnerabilities, however, account for most email attacks, making threat intelligence a key to knowing which exploits are most common and to helping harden the network and users against them.
• Attackers are increasingly using major providers’ cloud services to launch attacks, with an increasing amount of spam and phishing coming from public domains, such as gmail.com and outlook.com. Mimecast blocks thousands of malicious email messages targeting Microsoft 365 accounts every day utilizing their own services, such as Microsoft Dynamics 365 Customer Voice.
• Collaboration platforms like Microsoft Teams and Slack also seeing increase in attacks.