Blog

Mimecast’s Global Threat Intelligence Report - The Findings

Alexis Anido
December 7, 2023
Home

Let's Get STARTED

Mimecast has released its Global Threat Intelligence Report that shares insights and analysis of threat activity from July to September 2023. The report aims to help businesses deliver continuous improvements to their cyber security posture. We’ve summarised the key findings of the report as well as recommendations to mitigate cyber threats in 2023 and beyond.

KEY FINDINGS

Mimecast’s research shows that two-thirds of businesses suffered a ransomware attack in the past year, nearly all were targeted by email-based phishing attacks and over three-quarters expect that email will lead to an attack with serious consequences in the future. What is clear is that threats continue to rise. Within the report, there were several key findings:

  • Rise in Impersonation - impersonation not only increased but became more sophisticated as cyber criminal groups used it to gain access to target organisations. The number of spam messages increased by 7% from the previous quarter, while the number of impersonation attempts and malicious links sent to each user doubled.
  • Emergence of Multiple Zero-Day Threats - zero-day exploitation of vulnerabilities became more of a threat as actors increased their focus on cloud platforms and applications. Attackers targeted flaws in MOVEit, vulnerabilities in Microsoft software and browsers and apps using the open-source libvpx and libwebp image libraries.
  • Focus on Credential Phishing - credential phishing was a major focus of email-based attacks in the report, with cloud-based collaboration software platforms, such as Microsoft Teams and Slack, becoming additional channels for stealing credentials.
  • Growing Threat for Medium-Sized Business - opportunistic attackers view smaller companies as easier targets for phishing and ransomware campaigns and see them as more profitable than larger businesses. In addition, they are a good launching point for then compromising larger partner companies.
  • Rise in use of PDF and Excel - the use of malicious PDF files increased by 158% from the previous quarter. While users see relatively few malicious attachments, PDF and Microsoft Excel formats are commonly used against specific targets in spear phishing of BEC attacks.
  • Return to Pre-Pandemic Targets - attackers focused on internal groups and external services critical to business operations. Top targets included human resources firms, information technology software and services and financial services. Users in these industries encountered threats at a rate far above the average in other sectors.

WHAT CAN BE DONE?

The outlook doesn't look good and business owners and security professionals are right to be concerned. According to Mimecast’s report, over three-quarters of security professionals are anticipating a serious email-based compromise this year and almost the same number expect to suffer a similar attack through their collaboration tools. As the numbers have shown, cybercriminals will use all and any attack vectors, especially those that can be mass delivered, such as phishing, spam and impersonation emails. To help counter these attacks, Mimecast’s report recommends several threat-specific countermeasures:

  • Review Service Level Agreements - security from third parties is vital to reduce supply-chain compromise. Businesses should review their service level agreements, ensure a base level of cyber security and monitor suppliers more closely.
  • Block Image Auto-Loading - it’s expected that attackers will increasingly use image file types as carriers for malicious content. Businesses should configure email clients to prevent the loading of images in messages unless explicitly requested by the user.
  • Regularly Scan External Network - with an increasing number of attacks against remote desktop protocol ports, businesses should regularly scan their external network to ensure publicly accessible server ports are closed or sufficiently protected.
  • Segment Internal Networks - to prevent attackers from quickly moving laterally, businesses should segment their internal network and ensure critical assets are stored in their own secure area; this can reduce the damage caused by ransomware and other attacks and make detection easier.

The report also includes more general recommendations that can be used to help combat the rising threats:

  • Maintain Data Backups - robust backups of critical data and routine recovery process testing are vital to minimise downtime and costs after an attack.
  • Managing Cyber Security Awareness - all users should be regularly trained using recent examples of attacks and be given strategies to detect suspicious emails.
  • Harden User Credentials - robust passwords should be enforced, especially for privileged users, and default admin passwords should be eliminated.
  • Use Multi-Factor Authentication - adding pervasive multi-factor authentication to both cloud and internal infrastructure can greatly reduce risk.
  • Prioritise and Patch Vulnerabilities - by prioritising actively exploited vulnerabilities, businesses can patch quicker and build greater resilience.

The report also provides actionable steps (specific to Mimecast customers) to protect their users from the threats highlighted in the report. You can view the recommendations here.

PROTECTING YOUR BUSINESS

Cybercriminals will continue to tailor threats to leverage current events using all attack vectors, which makes it vital for your business to be prepared. Mimecast’s quarterly report serves as an excellent resource to help with this, highlighting many new threats before they become widely known. By reviewing the key findings from the report and the recommendations for mitigating the risks those threats pose, you can protect your business and build greater resilience to emerging threats.