Slashdot Mirror

← Back to Stories (view on slashdot.org)

Email Security Systems Miss Thousands of Malicious Links (betanews.com)

Posted by msmash on from the closer-look dept.

A new study from email security company Mimecast shows that malicious links in emails are being missed by many security systems. From a report: Mimecast examined more than 142 million emails that had passed through organizations' email security vendors. The latest results reveal 203,000 malicious links within 10,072,682 emails were deemed safe by other security systems -- a ratio of one unstopped malicious link for every 50 emails inspected. The report also finds an 80 percent increase impersonation attacks in comparison to last quarters' figures. Additionally, 19,086,877 pieces of spam, 13,176 emails containing dangerous file types, and 15,656 malware attachments were all missed by these incumbent security providers and delivered to users' inboxes.

15 of 45 comments (clear)

  1. i don't them...i was not expecting an attachment by ole_timer · · Score: 1

    ...let's open it !!!...

    --
    nothing to see here - move along
  2. The Six Dumbest Ideas in Computer Security... by El+Cubano · · Score: 3, Informative

    A new study from email security company Mimecast shows that malicious links in emails are being missed by many security systems

    Of The Six Dumbest Ideas in Computer Security, this is a combination of 1 (on the part of the MUAs) and 2 (on the part of the scanners). So, no kidding.

    1. Re:The Six Dumbest Ideas in Computer Security... by toonces33 · · Score: 1

      We still live with these dumb ideas, and as time goes on, things evolve with no improvement in sight.

  3. Constructive solutions, please? by shanen · · Score: 1

    Oh wait. This is Slashdot. Asking for constructive solutions? Talk about pissing into the wind.

    I know y'all [typical Slashdot commenters] will find the notion hilarious (at best), but I actually think there are solution approaches. I'm just mystified why no one is approaching them, though I'd appreciate your guidance to existing solutions almost as much as your better ideas.

    For example, to whit...

    A lot of these problematic links could be quickly identified if the intended victims were asked to help. Or even given the opportunity to go that far out of their way if'n they wanted to. I am NOT advocating for a vigilante solution (but you better not let me get anywhere near any part of a rope with a spammer attached to it), but in the plentiful cases where the scamming spammers need human help, the selfsame humans could unhelp the spammers--if only it were made possible. Your email "security" system may be unsure what is going on, but I can absolutely assure you that I don't (and never will) have an account with Bank of America (just to pick a deserving example).

    For now I think that's enough time spent flogging this dead horse, but ADSAuPR, atAJG.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
  4. Been getting good ones for Office lately by ripvlan · · Score: 2

    We have started receiving some very high-quality Office365 "Your password is about to expire" notifications. They are super specific and somehow they know we use MS. As usual they are an exact copy of the real email (none of the usual grammar or spelling mistakes). The fact MS spam filtering doesn't flag these is troubling.

    If it weren't for the "From: Microsoft Office365 (billybob3248@ustexasam.edu)" it would look totally legit. My big issue that is that Outlook normally hides some of this information - at times making it difficult to see the mail headers. Gmail is a bit better, but only when it gets flagged as spam, I like their "Caution - this looks like [fishing/spam/other]"

    Only a select sub-group of employees receives these emails. It's very focused, and apparently not random. They pit specific employees against each other "hey Sally, I'm not in the office, please pay this bill, signed Bob" And both Sally and Bob are real people who work together. Sally isn't on LinkedIn - so their relationship, if guessed, was spectacularly a good guess. It amazes me where this information might be mined from.

    1. Re:Been getting good ones for Office lately by 110010001000 · · Score: 1

      Sally might not be on LinkedIn, but someone uploaded their contact list to LinkedIn and now LinkedIn knows everyone at the company.

    2. Re: Been getting good ones for Office lately by The-Ixian · · Score: 1

      One way we have seen is that phishers will send empty messages around holidays in order to harvest auto-response e-mails complete with user sigs.

      This not only nets the user's title, but also confirms that they are out of the office. Which then allows for a more sneaky spear phishing attack.

      --
      My eyes reflect the stars and a smile lights up my face.
    3. Re:Been getting good ones for Office lately by ripvlan · · Score: 1

      yes but.... are these connections available to an outside source? Linked in knows this connection. Can an affiliate also see this, thus passing it off to spammers?

      We've been thinking long, but not hard, on this issue.

  5. Re:i don't them...i was not expecting an attachmen by KiloByte · · Score: 1

    And what's wrong with that? Heck, I even let my mail client filter those pesky HTML attachments through lynx if need be -- too many bastards put the contents as such an attachment instead of the mail's body.

    No operating system would be insane enough to run executables this way, would it?

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  6. Re:Registered /.ers review of the Win64 model by 110010001000 · · Score: 1

    I totally agree and I personally use a HOSTS file blocker produced from a genius called APK as well.

  7. Re:The links are not malicious. by Anonymous Coward · · Score: 1

    The only way to stop malicious people with links, is good people with links.

  8. Re:i don't them...i was not expecting an attachmen by ole_timer · · Score: 1

    all email, including attachments, is in the body as mime 64 text...so even if you get text only and then copy and paste (or even re-type the url) into a browser you're still going to a potentially malicious site...and that only takes care of you - what if you have 10,000 users?

    --
    nothing to see here - move along
  9. Re:i don't them...i was not expecting an attachmen by jellomizer · · Score: 1

    Those are the old fashion ones. The thing is a lot of "secure" emails require you to click the link on the email, go to a secure site and read the email from the site. Outlook does this, as well as other options.
    This habit makes it easy to click on the link to see the secure email.

    The real problem is Email isn't secure, it is too easy to fool and spoof. It was an idea of well intention idealist, expecting only small scale usage.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  10. Microsoft the company who made weblinks dangerous by najajomo · · Score: 1

    Microsoft the company who made weblinks dangerous.

  11. Outlook. by antdude · · Score: 1

    I hate the ones in Outlook that change the links like: https://na01.safelinks.protect...... Argh.

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).