Greatest Cyber Risks Are Extortion, Geopolitical Tension, SMB Attacks

Mimecast in its latest Threat Intelligence report reveals the greatest current cybersecurity threats to business defences

The Q4 Threat Intelligence report from Mimecast has offered security bosses an assessment of the greatest cybersecurity risks their online defences are likely to encounter.

The Mimecast report, based in part on Mimecast’s analysis of 1.7 billion emails per day on behalf of more than 42,000 customers, revealed extortion campaigns, geopolitical threats, and attacks on small and medium-sized businesses (SMBs) are among the greatest threats to cybersecurity defences.

It comes after the UK’s National Cyber Security Centre (NCSC) recently issued a warning about global ransomware threat levels, in a world where artificial intelligence (AI) systems are becoming increasingly pervasive. It said AI will almost certainly “increase the volume and impact of cyber attacks in the next two years.”

Ransomware threat

Mimecast’s Q4 Threat Intelligence report also found that “attackers are using generative AI and machine-learning models to create more convincing phishing lures and translate attacks into other languages.”

The report also looked at what issues are presenting the biggest threat to online defences, and offered recommendations for cybersecurity bosses to consider.

Essentially geopolitical tension, extortion and attacks on SMBs are the greatest cybersecurity risks highlighted in Mimecast’s Q4 Threat Intelligence report.

The report found that the ransomware threat continues to evolve, with the number of ransomware and breach-for-ransom campaigns continuing to grow in Q4 2023.

The report found that one of the larger criminal gangs, ALPHV Blackcat, compromised more than 1,000 victims with ransomware and data extortion and obtained more than $300 million in ransom payments by the end of the quarter.

The report also found that attack strategies have evolved from crypto-ransomware (where attackers encrypt data and hold the decryption key) to breach-for-ransom campaigns (where attackers steal sensitive data and threaten to release the sensitive information unless paid) to double- and triple-extortion strategies (where attackers combine tactics for more dire consequences).

Geopolitical tensions

“We blocked nearly 250 million attacks against Mimecast-protected systems in January – a new record high for the business, highlighting the sheer scale of the threat,” noted Mick Paisley, chief security and resilience officer at Mimecast.

“It’s striking that in a busy election year, with 76 countries due to go to the polls, geopolitical tensions have increased, leading to more cyberattacks, with over 100 hacker groups claiming participation in the Israel-Gaza conflict alone,” Paisley added.

“It is deeply concerning that nation-states are using cyber operations to gather intelligence on rival governments and attack critical infrastructure and information systems.”

“Organisations must act to ensure they and their employees are protected against this continuing uptick in malicious activity,” said Paisley. “Our new report offers threat-specific countermeasures and general recommendations to help combat threats.”

SMB threat

And the Mimecast report also noted that small and medium businesses (SMBs) continue to pay a big price, with these organisations encountering more than twice the number of threats – 31 and 32 threats per user (TPU), respectively – compared to users at large companies, who saw about 15 TPU in Q4.

Mimecast said the bigger risk for SMBs is due to a greater share of employees in critical roles. Targeting those users therefore results in a higher level of threats per user.

In addition, due to the fact that SMBs rely on credential-based cloud services for much of their operations, attackers are more focused on credential theft, which is a common phishing goal.

Mimecast cited the UK government as finding that a striking 99 percent of UK businesses are small to medium enterprises, making this threat particularly pronounced in Britain.

Malicious attachments

Mimecast also found that for the first time in Q4 2023, the average user was more likely to encounter a malicious link than a malicious attachment.

With users ignoring the overwhelming volume of email messages blocked as either spam or impersonation (phishing), attackers are shifting from delivering payloads as malware to sending links to malicious sites, which then deliver the payload, Mimecast warned.

Spam

The cybersecurity specialist also found that spam continues to account for the largest volume of malicious and suspicious email messages rejected, accounting for 86 percent of all blocked messages.

Recommendations

The sectors that experienced the most attacks in the fourth quarter of 2023 were financial institutions; travel, hospitality, and catering companies; and human resource departments.

The Mimecast report also found “a surge in using QR codes to obfuscate links has continued, serving the same purpose as URL shortening schemes, but with an additional benefit to attackers, as victims have already become acclimated to snapping pictures of QR codes.”

Mimecast has a number of recommendations for cybersecurity bosses, including assessing their attack surface areas; minimising the attack surface by blocking unused services; prioritising vulnerabilities for patching; and making credentials resistant to phishing.