Cybersecurity Trends: Our Most Read Blogs of 2019 Q2
See what caught the eyes of Cyber Resilience Insights readers last quarter.
With the second quarter of 2019 in the books, we wanted to provide you a one-stop shop for the most-read new content we posted on Cyber Resilience Insights during that time. Below you'll find links and summaries for the 10 most-read blogs of the second quarter of 2019.
Reminder: if you haven't subscribed to Cyber Resilience Insights yet, you're missing out on a weekly roundup of all our content. You can sign up here. It's as simple as typing in your email address and hitting "Subscribe Now." That's it. It'll be the easiest thing you do all day.
Now, on to our quarterly top 10:
The Mimecast Threat Center team discovered a technique to launch remote DDE attacks through a flaw in the Power Query feature of Microsoft Excel. Microsoft offered a workaround for the flaw, and customers with Mimecast Targeted Threat Protection - Attachment Protect are safe from this kind of attack. Ofir Shlomo took a technical deep-dive in this post.
In this research from the Mimecast Threat Center team, Dor Zvi examined the increasingly-popular attack technique of fileless malware. Dor also discussed a novel type of fileless malware attack that had not previously been seen.
Matthew Gardiner introduced Mimecast's third-annual State of Email Security report in this post from late May. In the post, he highlighted several of the report's key findings, including that 94% of organizations had experienced a phishing attack at some point in the previous 12 months from the survey.
The 9th quarterly release of the Mimecast Email Risk Assessment report highlighted real-life examples of threats that other email security systems missed. Matthew Gardiner explored some of those threats, including impersonation and credential-stealing attacks against Microsoft Office 365 users.
Another one from Matthew Gardiner here, this time examining data from a TechValidate survey on Mimecast's Internal Email Protect service. The survey found that internally-generated email represents the majority of email traffic at most organizations, with 46% of respondents noting that 51%-75% of their overall email traffic is internally generated.
In this post highlighting some of the 2019 State of Email Security report findings, Matthew Gardiner de-bunked some of the media discussions about how ransomware is no longer the serious threat to organizations it was a few years ago. In fact, the report cited a 27% increase in ransomware for organizations over the previous year.
In advance of his appearance at the Infosecurity London conference, Meni Farjon took a look at several key questions security pros should ask: How exactly are attackers leveraging technologies and tools to evade dynamic analysis? How can you tackle evasive malware by using your existing controls? By understanding the pros and cons of the technology, pros would be able to better assess their existing layers of defense.
A phishing scam targeting Chase Bank customers not only asked for victims’ personal information but also requested an uploaded selfie of them holding their ID or driver’s license. Crazy, right? This campaign, discovered by MalwareHunter Team, started with the scam’s landing page that looks like a legitimate Chase Bank login form.
CISOs and security professionals have enough to deal with every day. The last thing they need is overload from having to manage too many security tools. Research shows that some enterprises have upwards of 75 different IT security tools in their environment. Marc French examines this issue and offers prescriptive advice on how to de-tangle these webs.
Here's another look at some of the data from the State of Email Security report, this time with a view into statistics and trends around awareness training. Michael Madon showed that while adoption continues to rise for awareness training globally, questions remain on methods and how it is actually being adopted.
Subscribe to Cyber Resilience Insights for more articles like these
Get all the latest news and cybersecurity industry analysis delivered right to your inbox
Sign up successful
Thank you for signing up to receive updates from our blog
We will be in touch!