Joel Silverstein

by Joel Silverstein

Senior Manager, Content Strategy

Posted Jul 02, 2019

See what caught the eyes of Cyber Resilience Insights readers last quarter.

GettyImages-912778460.jpgWith the second quarter of 2019 in the books, we wanted to provide you a one-stop shop for the most-read new content we posted on Cyber Resilience Insights during that time. Below you'll find links and summaries for the 10 most-read blogs of the second quarter of 2019.

Reminder: if you haven't subscribed to Cyber Resilience Insights yet, you're missing out on a weekly roundup of all our content. You can sign up here. It's as simple as typing in your email address and hitting "Subscribe Now." That's it. It'll be the easiest thing you do all day.

Now, on to our quarterly top 10:

Exploit Using Microsoft Excel Power Query for Remote DDE Execution Discovered - June 27

The Mimecast Threat Center team discovered a technique to launch remote DDE attacks through a flaw in the Power Query feature of Microsoft Excel. Microsoft offered a workaround for the flaw, and customers with Mimecast Targeted Threat Protection - Attachment Protect are safe from this kind of attack. Ofir Shlomo took a technical deep-dive in this post.

Obfuscated Fileless Malware in Cyberattackers' Toolkits: A Closer Look - June 4

In this research from the Mimecast Threat Center team, Dor Zvi examined the increasingly-popular attack technique of fileless malware. Dor also discussed a novel type of fileless malware attack that had not previously been seen. 

What is the Current State of Email Security Globally? - May 28

Matthew Gardiner introduced Mimecast's third-annual State of Email Security report in this post from late May. In the post, he highlighted several of the report's key findings, including that 94% of organizations had experienced a phishing attack at some point in the previous 12 months from the survey.

Real Examples of Threats Missed by Email Security Systems - June 5

The 9th quarterly release of the Mimecast Email Risk Assessment report highlighted real-life examples of threats that other email security systems missed. Matthew Gardiner explored some of those threats, including impersonation and credential-stealing attacks against Microsoft Office 365 users.

Insider Threat Protection: How Organizations Address the Inevitable - April 3

Another one from Matthew Gardiner here, this time examining data from a TechValidate survey on Mimecast's Internal Email Protect service. The survey found that internally-generated email represents the majority of email traffic at most organizations, with 46% of respondents noting that 51%-75% of their overall email traffic is internally generated. 

Survey Says: Ransomware is Still a Top Threat for Most Organizations - June 19

In this post highlighting some of the 2019 State of Email Security report findings, Matthew Gardiner de-bunked some of the media discussions about how ransomware is no longer the serious threat to organizations it was a few years ago. In fact, the report cited a 27% increase in ransomware for organizations over the previous year.

Is Dynamic Analysis Enough to Stop Evasive Malware Attacks? - May 15

In advance of his appearance at the Infosecurity London conference, Meni Farjon took a look at several key questions security pros should ask: How exactly are attackers leveraging technologies and tools to evade dynamic analysis? How can you tackle evasive malware by using your existing controls? By understanding the pros and cons of the technology, pros would be able to better assess their existing layers of defense.

Phishing for Selfies? New Scam Targets Chase Bank Customers - April 30

A phishing scam targeting Chase Bank customers not only asked for victims’ personal information but also requested an uploaded selfie of them holding their ID or driver’s license. Crazy, right? This campaign, discovered by MalwareHunter Team, started with the scam’s landing page that looks like a legitimate Chase Bank login form.

How Many IT Security Tools Do You Need? - June 11

CISOs and security professionals have enough to deal with every day. The last thing they need is overload from having to manage too many security tools. Research shows that some enterprises have upwards of 75 different IT security tools in their environment. Marc French examines this issue and offers prescriptive advice on how to de-tangle these webs.

The Rising Tide of Cyber Awareness in Today's Enterprise - June 12

Here's another look at some of the data from the State of Email Security report, this time with a view into statistics and trends around awareness training. Michael Madon showed that while adoption continues to rise for awareness training globally, questions remain on methods and how it is actually being adopted.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

Joel Silverstein

by Joel Silverstein

Senior Manager, Content Strategy

Posted Jul 02, 2019

You may also like:

Exploit Using Microsoft Excel Power Query for Remote DDE Execution Dis…

Mimecast Threat Center discovered a weak…

Mimecast Threat Center discovered a weakness in the Microsof… Read More >

Ofir Shlomo

by Ofir Shlomo

Security Research Team Leader

Posted Jun 27, 2019

Obfuscated Fileless Malware in Cyberattackers' Toolkits: A Closer Look

The latest from Mimecast Research Labs i…

The latest from Mimecast Research Labs includes a malware te… Read More >

Dor Zvi

by Dor Zvi

Security Researcher, Mimecast

Posted May 31, 2019

Baltimore Ransomware Attack Highlights Vulnerabilities in Municipal IT…

Resource-thin IT departments need a plan…

Resource-thin IT departments need a plan for cyber resilienc… Read More >

Marc French

by Marc French

Senior Vice President & Chief Trust Officer

Posted May 31, 2019