subscribe: Daily Newsletter

 

Mimecast guards against whaling attacks

0 comments

Mimecast has announced general availability of Impersonation Protect, the first cloud service that directly combats the growing cybersecurity threat from whaling or CEO fraud.
Mimecast’s new Impersonation Protect uses advanced scanning techniques to prevent attacks by monitoring all email traffic for elements commonly used by criminals, including employee and domain names, and other keywords like ‘wire transfer,’ ‘tax form’ or ‘urgent.’ IT administrators and security organisations can now block suspicious emails or choose to display additional security warnings for employee awareness. Cybercriminals are commonly using email as an entry point to steal confidential data and dupe employees into making fraudulent payments costing the global economy billions of dollars annually.
New Mimecast research shows the threat continues to grow. Since January 2016, 67% of respondents* had seen an increase in attacks designed to instigate fraudulent payments and 43% saw an increase in attacks specifically asking for confidential data like HR records or tax information.
“Email remains a highly popular attack vector for cybercriminals, for good reason: it is one of the most direct paths to entry into the enterprise, and it relies heavily (and all too often, successfully) on human behavior to assure initial penetration. This means that attackers will continue to prioritize email – and defenses must level up accordingly,” comments Scott Crawford, information security research director at 451 Research. “Whaling, for example – the targeting of executives and highly placed individuals in an organisation – is becoming a more frequent variant of spear-phishing, and is a tactic cybercriminals are using with great success.
“These and similar CEO-fraud attacks would benefit from a security approach tailored to the changing threat landscape, such as in-context user awareness training where users receive not only warnings and guidance about the threat of clicking on phishing links or opening up malware-laden attachments, but also indicators of fraudulent emails masked as executive communications.”
Peter Bauer, Mimecast CEO, comments: “Over 905 of cyberattacks begin with email, and social engineering-led email attacks are growing rapidly. Whaling is a particularly insidious attack and has proven lucrative by successfully targeting specific teams and individuals that attackers have researched via social media. It catches out even the most cautious people. Protecting employees requires updated technology that goes beyond traditional email security. Without the right protection, organizations are losing millions of dollars and exposing data to fraudsters.”
Impersonation Protect, the newest addition to Mimecast Targeted Threat Protection, gives customers of all sizes the comprehensive protection they need against whaling and other damaging forms of spear-phishing, such as weaponized attachments, ransomware and malicious links.
*Mimecast conducted a survey of 436 IT experts at organizations in the US, UK, South Africa and Australia in March 2016. Respondents assessed the growth in a range of email attacks seen over the last three months.