Transport, legal and banking sectors hardest hit by cyberattacks
Organizations are being targeted by a mixture of simple, low effort and low-cost attacks along with more sophisticated, targeted campaigns, according to the latest quarterly Threat Intelligence Report from security and compliance specialist Mimecast.
Based on analysis of over 200 billion emails, the report looks at the four main categories of attack types discovered in the quarter: spam, impersonation, opportunistic, and targeted. This quarter's report finds that impersonation attacks are on this rise, accounting for 26 percent of total detections -- and now include voice phishing or 'vishing.'
Three industries are targeted the most by cyberattacks. The banking and legal, industries that are replete with sensitive information to yield results for threat actors, and transportation, where state-sponsored threat actors seek to disrupt the logistical and supply capability of rivals.
"Threat actors seek numerous ways into an organization -- from using sophisticated tactics, like voice phishing and domain spoofing, to simple attacks like spam," says Josh Douglas, vice president of threat intelligence at Mimecast. "This quarter's research found that the majority of threats were simple, sheer volume attacks. Easy to execute, but not as easy to protect against as it shines a very bright light on the role human error could play in an organization's vulnerability. Organizations need to take a pervasive approach to email security -- one that integrates the right security tools allowing for greater visibility at, in and beyond the perimeter. This approach also requires educating the last line of defense -- employees. Coupling technology with a force of well-trained human eyes will help organizations strengthen their security postures to defend against both simple and sophisticated threats."
Among other findings, the majority of attacks are of a less sophisticated, high volume, type. These are easy for any individual to launch an attack and are successful because employees are still clicking on malicious links.
Zip files account for 34 percent of file compression format attacks -- consistently the most detected format due to reliance on human error. Researchers also detected a complex range of malware, some of which has been around for many years, in addition to new threats. Malware threats are increasingly being automated too.
The full report is available from the Mimecast site.