Impersonation attacks are on the rise – accounting for 26% of total detections.
These attacks now include voice phishing or “vishing,” an advanced attack observed in this quarter, where threat actors use social engineering to gain access to personal and financial information via the victim’s telephone system.
This is among the findings from Mimecast’s quarterly Threat Intelligence Report: Risk and Resilience Insights, which provides technical analysis from the Mimecast Threat Centre from July to September 2019 on the nature of attack campaigns in addition to observations and analysis of evolving threats.
The report includes analysis of 207-billion emails processed, 99-billion of which were rejected. It looks through the lens of the four main categories of attack types discovered in the quarter: spam, impersonation, opportunistic, and targeted.
South Africa experienced the single longest running campaign – an attack on several financial services systems in July – of any region under review.
An unknown threat actor or advanced criminal group utilised ZIP, RAR and HTML files containing generic Trojans over an eight-day period encompassing more than 116 000 detections.
Four major campaigns were detected in South Africa between July and September, of which the financial services sector suffered the brunt of the impact.
While the report uncovered a mixture of simple, low-effort and low-cost attacks targeting Mimecast customers, the data also highlights complex, targeted campaigns leveraging a variety of vectors and lasting several days.
These sophisticated attacks are likely carried out by organised and determined threat actors, employing obfuscation, layering, exploits, and encryption to evade detection.
Additionally, throughout the research, it was clear that three industries were targeted the most by cyberattacks: banking and legal, industries rich with sensitive information that yields results for threat actors, and transportation, where state-sponsored threat actors seek to disrupt the logistical and supply capability of rivals.
“Threat actors seek numerous ways into an organisation – from using sophisticated tactics, like voice phishing and domain spoofing, to simple attacks like spam,” says Josh Douglas, vice-president of threat intelligence at Mimecast. “This quarter’s research found that the majority of threats were simple, sheer volume attacks.
“Organisations need to take a pervasive approach to email security – one that integrates the right security tools allowing for greater visibility at, in and beyond the perimeter. This approach also requires educating the last line of defence – employees.
“Coupling technology with a force of well-trained human eyes will help organisations strengthen their security postures to defend against both simple and sophisticated threats.”
Of the 207-billion emails processed, there were 25 significant malware campaigns identified this quarter which incorporated Azorult, Hawkeye, Nanocore, Netwired, Lokibot, Locky and Remcos.
The campaigns observed range from simple phishing campaigns to multi-vector campaigns alternating file types and attack vectors, types of malware and vulnerabilities.
Nanobot, Loki and Remcos were the most significant threats deployed against financial services in South Africa; they were utilised in concert with a range of generic Trojans.
All the analysis in the report is fed back into Mimecast engineering to enhance cloud-based security services, improving customers’ cyber resilience and helping them avoid disruptions to their business.
Additional key findings outlined in the report include:
* The majority of attacks are less sophisticated, high-volume attacks – due to the ease of access for any individual to launch an attack and employees still clicking on malicious links.
* ZIP files accounted for 34% of file compression format attacks – consistently the most detected format due to reliance on human error.
* Researchers detected a complex range of malware, some of which has been around for many years, in addition to new threats. Malware threats are increasingly automated.
* Top sectors targeted this quarter were transportation, storage and delivery, banking and legal.