Explosion of trap emails not detected by email service providers.
In their latest Email Security Risk Assessment (ESRA), Mimecast stated that established email security systems incorrectly considered almost 17.000 dangerous files were “seguros” this quarter. Email scams have been on the rise, which prompted Mimecast to delve into the effectiveness of Office 365, and other widely used email security systems so that organizations can better understand their risks.
According to a recent survey also conducted by Mimecast, almost the 70% of employees use company-connected Internet devices for activities unrelated to work, which presents a higher likelihood that users could fall victim to one of these scams by opening dangerous files and malicious URLs, while shopping online at work.
ESRA also found that email security providers did not detect more than 21 millions of unwanted emails. Instead of being blocked, they were sent to users' inboxes. If we add to that shortcoming the fact that more than 205.000 malicious URLs were not detected by traditional providers, no es de extrañar por qué se debe medir la eficacia de los sistemas de seguridad de correo electrónico.
In addition, los proveedores no detectaron más de 42.350 intentos de suplantación de identidad, que también se depositaron en las bandejas de entrada de los usuarios, junto con más de 17.500 archivos adjuntos de malware no detectados.
“Los ataques que estamos viendo incluyen a ejecutables dirigidos a explotar los servicios de almacenamiento en la nube, ataques de suplantación dirigidos a asistencia legal, financiera y administrativa, así como ataques de ingeniería social contra el personal de gerencia y dirección de empresas. In addition, These reports provide information on the rise of new types of malware and key trends in malicious email campaigns”.
The last quarter saw an increase in emails containing dangerous file types, according to Matthew Gardiner, cybersecurity strategist at Mimecast, who said that cybercriminals continue to adapt their email-based attacks, seeking ways to evade detection and bypass security solutions that rely on reputation-based detection or file signature matches.