Wednesday, 07 June 2017 22:49

‘Impersonation’ attacks break through email security at alarming rate


There has been a massive rise in email impersonation attacks — where a cyber criminal attempts to impersonate a trusted individual — around the world, as organisations fight a seemingly losing battle to prevent malicious emails from breaking through security systems.

According to a new email security risk assessment report from email and data security provider Mimecast, the so-called impersonation attacks consist of emails that attempt to impersonate a trusted party such as a C-level executive, employee or business partner.

Mimecast found that the number of impersonation attacks detected in the latest quarter — compared to the data initially reported in February — rose more than 400% quarter over quarter.

This simple method of attack, says Mimecast, is being exploited at an alarming rate, as it can be used to dupe recipients into initiating wire transfers and sending back other sensitive data, leading to significant financial loss – as evidenced by widely publicised recent attacks.

Emails containing no malware, but instead relying on duping recipients into responding to a request to send the attacker money, or highly monetisable data, have been detected.

Mimecast says both known and unknown cyber attacks, as well as spam, are continuing to get through incumbent email security systems.

The latest email security risk assessment report (ESRA) reflects findings from inspecting the inbound email of more than 44,000 users received over a cumulative 287 days by participating organisations.

Mimecast says that, in aggregate to date, more than 40 million emails have been inspected, all of which had already passed through the incumbent email security vendor or cloud email service in use by each organisation.

The ESRA test uncovered almost nine million pieces of spam, 8318 dangerous file types, 1669 known and 487 unknown malware attachments, and 8605 impersonation attacks.

Mimecast says the data reinforces the concerning reality that the industry must work towards a higher standard of email security, as 90% of attacks start with email.

In general, organisations everywhere are struggling with prolific ransomware attacks, like Locky, Mimecast notes.  

“Cyber criminals are constantly adapting their attack methods. For instance, this latest ESRA analysis reflects how impersonation attacks are getting through existing email security defences at an alarming rate,” says Ed Jennings, chief operating officer at Mimecast.

“If a CISO isn’t reviewing its current email security solution on a 12-18 month basis, they may be surprised at what threats are now getting into employees’ inboxes.

“At the same time, email security providers need to ensure they’re doing their due diligence to protect customers from new attacks, whether they be advanced or simple. The Mimecast ESRA results show a clear need for the security industry to come together in the fight against email-borne threats.”


Peter Dinham

Peter Dinham is retired and is a "volunteer" writer for iTWire. He is a veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).


