Story image

25% of malicious emails still make it through to recipients

12 Dec 2018

Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.

The company’s latest quarterly Email Security Risk Assessment (ESRA) found that out of the 181.9 million emails scanned, 21.2 million spam emails were not picked up by organisations’ email security systems.

Those email security systems also missed more than 25% of emails containing dangerous file types .jsp, .exe, .dll, and .src.

Mimecast says these file types are rarely sent by email for legitimate purposes and they are often used to conduct an attack.

The report also found 21,183,014 spam emails, 17,403 malware attachments, 42,350 impersonation attacks and 205,363 malicious URLS, all of which were missed by email security systems. 12% of all secured and filtered email were unwanted emails, so they were false negatives.

“Attacks we are seeing include key executives being targeted with cloud storage services exploits, impersonation attacks targeting legal, finance and administrative assistance as well as social engineering attacks against the C-suite,” explains Mimecast security service director Lindsay Jack. 

“Mimecast has seen an increase in security efficacy versus legacy vendors along with detailed information on the proliferation of threats of all types. The ESRA provides deep insights for our customers on the types of attacks threatening their business.”

Mimecast cybersecurity strategist Matthew Gardiner adds that criminals are constantly adapting email-based attacks.

Criminals are looking for new ways to bypass security solutions that rely too heavily on signature-based files or reputation-based detection.

“Mimecast uses multiple layers and types of detection engines, combined with high performance analytics, a diverse set of threat intelligence sources, and computer aided human analysis to identify and stop unsafe emails from getting into our customers’ inboxes.”

Mimecast determined that 160.6 million of the emails it analysed were safe. This quarter’s assessment found that these email security systems are missing more than 25% of emails containing dangerous file types in comparison to last quarter’s findings.

Apple's AirPods now come with 'Hey Siri' functionality
The new AirPods come with a standard case or a Wireless Charging Case that holds additional charges for more than 24 hours of listening time.
NZ investment funds throw weight against social media giants
A consortium of NZ funds managing assets worth more than $90m are appealing against Facebook, Twitter, and Google following the Christchurch terror attacks.
Poly appoints new A/NZ managing director, Andy Hurt
“We’re excited to be bringing together two established pioneers in audio and video technology to be moving forward and one business – Poly."
Unity and NVIDIA announce real-time ray tracing across industries
For situations that demand maximum photorealism and the highest visual fidelity, ray tracing provides reflections and accurate dynamic computations for global lighting.
NVIDIA announces Jetson Nano: A US$99 tiny, yet mighty AI computer 
“Jetson Nano makes AI more accessible to everyone, and is supported by the same underlying architecture and software that powers the world's supercomputers.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
NVIDIA introduces a new breed of high-performance workstations
“Data science is one of the fastest growing fields of computer science and impacts every industry."
Apple says its new iMacs are "pretty freaking powerful"
The company has chosen the tagline “Pretty. Freaking powerful” as the tagline – and it’s not too hard to see why.