A research report from email and data security company Mimecast reveals a significant increase in Business Email Compromise (BEC) attacks. Mimecast, a cybersecurity and compliance provider, helps global enterprises make their email systems safer, restore trust, and strengthen cyber resilience.
In its report, the Email Security Risk Assessment (ESRA), Mimecast stated that emails containing viruses and malware attachments are passing through incumbent email security systems and reaching users’ inboxes.
The ESRA highlighted that BEC attacks have increased to 269 percent compared with the same findings in last quarter’s report. Mimecast stated that it found 28,783,892 spam emails, 28,808 malware attachments, and 28,726 dangerous file types that were delivered to users’ inboxes.
Mimecast opined that the rise in BEC attacks emphasizes the need for organizations to strengthen their email security capabilities to protect against potential attacks.
“This ESRA report pointed out that impersonation attacks continue to menace all types of organizations, but I think the real issue is that there are tens of thousands of email-borne threats successfully able to bypass the email security systems that organizations have in place, effectively leaving them vulnerable and putting a lot of pressure on their employees to discern malicious emails,” said Joshua Douglas, vice president of threat intelligence at Mimecast.
“Cybercriminals will always look for new ways to bypass traditional defenses and fool users. This means the industry must focus their efforts on investing in research & development, unified integrations and making it easier for users to be part of security defenses, driving resilience against evolving attacks,” Douglas added.
A similar survey revealed that threat actors are using previously stolen email login credentials to launch brute-force attacks on high-profile cloud-based business systems that use multi-factor authentication (MFA).
According to the research by enterprise security firm Proofpoint, hackers are using IMAP-based password spraying attacks to breach Microsoft Office 365 and G-Suite accounts, which are protected with multi-factor authentication. This technique allows malicious actors to perform credential stuffing attacks to compromise sensitive data. The study revealed that around 60% of all Microsoft Office 365 and G-Suite tenants have been targeted using IMAP-based password-spraying attacks and approximately 25 percent of G-Suite and Office 365 tenants experienced a breach.