Slashdot Mirror

← Back to Stories (view on slashdot.org)

Email Security Systems Miss Thousands of Malicious Links (betanews.com)

Posted by msmash on from the closer-look dept.

A new study from email security company Mimecast shows that malicious links in emails are being missed by many security systems. From a report: Mimecast examined more than 142 million emails that had passed through organizations' email security vendors. The latest results reveal 203,000 malicious links within 10,072,682 emails were deemed safe by other security systems -- a ratio of one unstopped malicious link for every 50 emails inspected. The report also finds an 80 percent increase impersonation attacks in comparison to last quarters' figures. Additionally, 19,086,877 pieces of spam, 13,176 emails containing dangerous file types, and 15,656 malware attachments were all missed by these incumbent security providers and delivered to users' inboxes.

2 of 45 comments (clear)

  1. The Six Dumbest Ideas in Computer Security... by El+Cubano · · Score: 3, Informative

    A new study from email security company Mimecast shows that malicious links in emails are being missed by many security systems

    Of The Six Dumbest Ideas in Computer Security, this is a combination of 1 (on the part of the MUAs) and 2 (on the part of the scanners). So, no kidding.

  2. Been getting good ones for Office lately by ripvlan · · Score: 2

    We have started receiving some very high-quality Office365 "Your password is about to expire" notifications. They are super specific and somehow they know we use MS. As usual they are an exact copy of the real email (none of the usual grammar or spelling mistakes). The fact MS spam filtering doesn't flag these is troubling.

    If it weren't for the "From: Microsoft Office365 (billybob3248@ustexasam.edu)" it would look totally legit. My big issue that is that Outlook normally hides some of this information - at times making it difficult to see the mail headers. Gmail is a bit better, but only when it gets flagged as spam, I like their "Caution - this looks like [fishing/spam/other]"

    Only a select sub-group of employees receives these emails. It's very focused, and apparently not random. They pit specific employees against each other "hey Sally, I'm not in the office, please pay this bill, signed Bob" And both Sally and Bob are real people who work together. Sally isn't on LinkedIn - so their relationship, if guessed, was spectacularly a good guess. It amazes me where this information might be mined from.