Special Threat Intelligence Report Released for RSA Conference Indicates Huge Uptick in Malware Campaigns Led by Resurgence of Emotet

Posted by Tony Kontzer

When 50,000 people who do what you do gather in one place, you might as well give them something to chew on, and that’s just what email security vendor Mimecast has done.

The London-based firm released a special RSA Conference edition threat intelligence report that paints yet another bleak picture of the battles cybersecurity teams face.

During the last three months of 2019, Mimecast analyzed more than 202 billion emails, 92 billion of which were rejected. Researchers detected 61 significant malware campaigns against numerous business sectors, a 145-percent increase over the previous quarter.

One significant driver for the increase: The infamous Emotet returned with a vengeance after a quiet few months. Mimecast said Emotet detections were noted in all sectors of every region on specific days, a level of sophistication that makes it “highly likely” the attacks are being carried out by organized crime groups.

Emotet has become a component of nearly all hybridized attacks, in which simple and complex attacks are conducted simultaneously. Its subscription-based “malware-as-a-service” model makes it accessible and attractive to a wider array of threat actors.

Mimecast said Emotet’s increased usage is likely to be related to a 5-percent drop in impersonation attacks, as well as an effort on the part of cyber criminals to make the most of ransomware before organizations invest in a wave of cyber resilience.

That Emotet activity rose as the end of the year approached was not entirely surprising. Earlier this week, during a session at the RSA Conference, Adam Kujawa, director of Malwarebytes Labs, shared a graph indicating that Emotet has tended to spike at the beginning and end of the year, while slowing down during the later spring and summer months.

In fact, he said that Malwarebytes Labs threat intelligence research showed that Emotet was responsible for two-thirds of all malware attacks between January and March of 2019.

Other findings from Mimecast’s report included:

- Bulk email remains a high-volume channel for distributing malware, relying on human error to do its job. So long as cyber criminals know they can deploy malware in huge volumes, thereby increasing the odds of success, they’re likely to continue doing so.

- Don’t be fooled by the small drop in impersonation attacks. It’s a blip for a threat that remains prominent. And voice phishing belongs in that category, too.

- Malware attacks targeted a wider range of companies across sectors, and for shorter periods of just one or two days, compared with multiple days in the previous quarter.

Naturally, Mimecast researchers had some suggested actions for organizations to take to reduce the possibility of being victimized by a malware attack.

For starters, they recommend that organizations emphasize resilience to help ensure they can continue to conduct business through a potential recovery time of six months. That means making use of cloud-based email and data archiving.

They also stressed the importance of keeping patches up to date, reducing shadow IT and clearly articulating the risks presented by older, unsupported, obsolete technologies.

Along with this, they recommend keeping users informed on current, prevalent threats through increased security awareness training, enforcing strict password requirements, and implementing two-factor authentication.

Tony Kontzer, RSA Conference
