Email impersonation attacks are skyrocketing, and bad actors are using social engineering techniques and other complex tools to target their victims, according to the Threat Intelligence Report, Black Hat Edition 2019, a study by Mimecast.
More than 40% of the threats use Microsoft Excel to distribute malicious content. And Microsoft Word is utilized in almost 15% of the threats.
In addition, attackers are incorporating Emotet, Adwin, Necurs, and Gandcrab malware.
The research is based on processing of almost 160 billion emails, including 67 billion that were rejected for displaying highly malicious attack techniques, Mimecast says.
It found that cyber felons are initiating their attacks through email first, then shifting to less secure SMS.
At the same time, complex attacks increasingly use obfuscation, layering and bundling of malware. Trojans are used in 71% of opportunistic attacks.
The most targeted sector for malicious spam is professional Education, perhaps because changing student populations do not have a high security awareness. Management and biotechnology account for 30% of all impersonation attacks.
“We’ve observed malware-centric campaigns becoming more sophisticated, often using different types of malware in different phases of an attack—yet, at the same time very simple attacks are also increasing significantly,” states Josh Douglas, vice president of threat intelligence at Mimecast.
In a related development, Mimecast has introduced a tool called Mimecast Threat intelligence. It is designed to give companies access to data and analytics relating to their overall organization.