Email security systems are missing 25 per cent more emails containing dangerous file types, a study from Mimecast observed
Mimecast Limited, an email and data security company, announced its quarterly Email Security Risk Assessment (ESRA), an aggregated report of tests that measure the effectiveness of widely used email security systems.
The company stated that dangerous file types are rarely sent by email for legitimate purposes, such as .jsp, .exe, .dll and .src, and can be used to facilitate an attack.
The company has inspected more than 180mn emails that were deemed “safe” from these incumbent systems. Within these emails, the tests found 16,581 emails that contained dangerous file types.
The report also found 21,183,014 spam emails, 17,403 malware attachments, 42,350 impersonation attacks and 205,363 malicious URLs, all missed by the email security system. This latest report concluded that an aggregate 12 per cent of all secured and filtered email were unwanted emails and thus were false negatives.
Lindsay Jack, security service director at Mimecast, said, “Mimecast has seen an increase in security efficacy versus legacy vendors along with detailed information on the proliferation of threats of all types. The ESRA provides deep insights for our customers on the types of attacks threatening their business.”
“Attacks we are seeing include key executives being targeted with cloud storage services exploits, impersonation attacks targeting legal, finance and administrative assistance as well as social engineering attacks against the C-suite. Mimecast helps organisations understand how they compare with other organizations in their geography or industry vertical. These reports provide insights on the rise of new types of malware and key trends in malicious email campaigns,” Jack added.
Matthew Gardiner, a cybersecurity strategist at Mimecast, commented, “Cybercriminals are constantly adapting their email-based attacks, looking for new ways to bypass security solutions that rely too heavily on reputation-based detection or file signature matches. This quarter we saw a particularly large jump in emails containing dangerous file types.”
“Mimecast uses multiple layers and types of detection engines, combined with high-performance analytics, a diverse set of threat intelligence sources, and computer-aided human analysis to identify and stop unsafe emails from getting into our customers’ inboxes,” he explained.