Mimecast maps cyberthreat landscape

Cybercriminals’ attack strategies are becoming more organised and business-like, finding ways to reduce their work and improve their return on investment, according to a new report.

The Threat Intelligence Report — released by Mimecast — looked at over 67 billion emails rejected by the company over quarter two 2019, focusing on those rejected as spam, opportunistic and targeted attacks and impersonation detections to identify a variety of highly malicious attack techniques.

During their analysis, Mimecast identified three emerging attacks that use new tactics and techniques or others designed to circumvent detection technology or other security controls. These include reconnaissance attacks, infection with VBScript and simple impersonation email attacks.

In the first example, Mimecast described an attack they believe was part of a reconnaissance mission to determine the target’s security and detection response times. Here, the attacker sent an email with a .zip attachment and a subject line telling the target that they’d made a payment. Mimecast believes this was intended to panic the victim into opening the attachment. Upon opening the attachment, however, the victim was asked to enter a password included in either the email’s subject line or body to access an encrypted file. Mimecast was particularly intrigued with this attack as it combined technological and social engineering approaches to get the victim to “play an active role in the attack”. Similar attacks have been used to phish for Microsoft Office 365 credentials, according to the report.

In the second example, an attacker hid an executable (.exe) file containing malicious VBScript in a .tar file and other obfuscations to prevent detection. According to Mimecast, the .tar file contained UTF-16 VBScript which, when reconstructed by VBScript logic, would infect the target system with malware.

Finally, while simple impersonation email attacks haven’t really changed, they are increasing, with CEOs, CFOs and finance-related staff being impersonated most often. Mimecast expects this trend to continue.

A large number of well-known malware campaigns were also observed, according to the report, including those delivering Emotet, Adwind, Necurs and Gandcrab malware through Microsoft Documents, Java applications and attachments to brand-spoof emails. Microsoft Excel was one of the most popular file types used to distribute malware — implicated in over 40% of detected threats — while Microsoft Word files were seen in almost 15%.

“The cyberthreat landscape will continue to evolve as threat actors continue to look for new ways to bypass security channels to breach their targets. We’ve observed malware-centric campaigns becoming more sophisticated, often using different types of malware in different phases of an attack — yet, at the same time very simple attacks are also increasing significantly,” Mimecast Vice President of Threat Intelligence Josh Douglas said.

“The mission of the Threat Intelligence Report is to help organisations better understand the global threat landscape, so they can make more informed decisions on how to strengthen their security posture.”

The full report is available via the Mimecast website.

Image credit: © stock.adobe.com/au/pinkeyes