Geopolitical Tension, Extortion and Attacks on SMBs are the Greatest Cybersecurity Risks
Share
The second edition of Mimecast’s Global Threat Intelligence report covers Q4 of 2023 and is based in part on Mimecast’s analysis of 1.7 billion emails per day on behalf of more than 42,000 customers
Mimecast, an advanced email and collaboration security company, published its Q4 Global Threat Intelligence Report today, revealing extortion campaigns, geopolitical threats, and attacks on small and medium-sized businesses (SMBs) to be among the greatest threats to cybersecurity defenses. The report analyzes the threat landscape for Q4 2023 and offers actionable recommendations on how to improve cyber defense. Key findings from the report include:
Ransomware threat evolves to effectively hold victims hostage
Ransomware and breach-for-ransom campaigns continued to grow in Q4 2023, with one of the larger groups, ALPHV Blackcat, compromising more than 1,000 victims with ransomware and data extortion and reaping more than $300 million in ransom payments by the end of the quarter. Attack strategies have evolved from crypto-ransomware (where attackers encrypt data and hold the decryption key) to breach-for-ransom campaigns (where attackers steal sensitive data and threaten to release the sensitive information unless paid) to double- and triple-extortion strategies (where attackers combine tactics for more dire consequences).
Mick Paisley, Chief Security & Resilience Officer at Mimecast, said: “We blocked nearly 250 million attacks against Mimecast-protected systems in January – a new record high for the business, highlighting the sheer scale of the threat.
“It’s striking that in a busy election year, with 76 countries due to go to the polls, geopolitical tensions have increased, leading to more cyberattacks, with over 100 hacker groups claiming participation in the Israel-Gaza conflict alone. It is deeply concerning that nation-states are using cyber operations to gather intelligence on rival governments and attack critical infrastructure and information systems. Organizations must act to ensure they and their employees are protected against this continuing uptick in malicious activity. Our new report offers threat-specific countermeasures and general recommendations to help combat threats.”
Small and Medium businesses pay BIG price
Users at small and medium-sized businesses encountered more than twice the number of threats — 31 and 32 threats per user (TPU), respectively — than users at large companies, who saw about 15 TPU in Q4.
The larger risk for SMBs is due to a greater share of employees in critical roles; targeting those users results in a higher level of threats per user. In addition, because SMBs rely on credential-based cloud services for much of their operations, attackers are more focused on credential theft, a common phishing goal. A striking 99% of UK businesses are small to medium enterprises, according to the UK Government, making the threat particularly pronounced in the UK.
Threat actors become less attached
In Q4, for the first time, the average user was more likely to encounter a malicious link than a malicious attachment. With users ignoring the overwhelming volume of email messages blocked as either spam or impersonation (phishing), attackers are shifting from delivering payloads as malware to sending links to malicious sites, which then deliver the payload.
For more insights and key recommendations from our team download the full report: Mimecast’s Global Threat Intelligence Report October – December 2023.
Mimecast: Work Protected™
Since 2003, Mimecast has stopped bad things from happening to good organizations by enabling them to Work Protected. We empower more than 42,000 customers to help mitigate risk and manage complexities across a threat landscape driven by malicious cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today. Mimecast solutions are designed to transform email and collaboration security into the eyes and ears of organizations worldwide.
