Threat Intelligence Hub
Mimecast threat research delivers analysis of threat activity, statistics revealing attack trends, and recommendations for small businesses and large enterprises to protect their employees and mitigate the impact of risky users.
Your Threat Landscape
Discover your personalized threat landscape January to September 2025
Get your threat landscape results delivered to directly your inbox.
Congratulations!
Your personalized threat landscape results are ready and on their way to your inbox. Stay ahead of potential risks by exploring our platform and discovering how our solutions can help safeguard your organization. Visit our platform page to learn more!
Cloud service abuse
Cybercriminals increasingly use legitimate online services (LOTS strategy) to bypass security defenses. This visualization maps relationships between original URLs, malicious content types, and ultimate destinations, revealing how attackers obfuscate their intent through trusted business platforms. Understanding these connections is essential for developing effective cybersecurity measures that can identify threats hiding within legitimate services.
Top targeted industries by threats per user
Different industries face distinct attack methodologies, creating unique threat profiles for each sector. Our analysis reveals that attackers strategically vary their techniques based on industry characteristics, targeting specific vulnerabilities and data types. While every industry encounters significant volumes of spam and threats using low-reputation infrastructure, the specific attack vectors and techniques show marked variation across sectors and highlights the sophisticated nature of modern email threats. Understanding these distinct threat profiles allows organizations to implement more effective security measures rather than generic protections that may leave sector-specific vulnerabilities exposed.
Collaboration threats
Collaboration platform threats exhibit distinct detection patterns compared to traditional email environments, with attack types distributed differently across Microsoft Teams, SharePoint, and OneDrive. The distribution of threats reveals how closed collaboration environments create unique risk profiles. Understanding these platform-specific threat patterns enables organizations to implement security controls designed for persistent collaboration environments rather than relying solely on externally-focused defenses.
Top vulnerabilities over time
Email-borne vulnerability exploits concentration patterns examining the top 10 detected vulnerabilities—whether delivered directly via email or through embedded links. Our analysis also highlights significant divergence between EPSS scores and Common Vulnerability Scoring System (CVSS) ratings. This disconnect demonstrates how severity ratings may not accurately predict real-world exploitation likelihood, requiring security teams to consider both metrics.
BEC attacks
Business email compromise tactics are tracked by common techniques deployed over time, revealing how attackers prioritize different social engineering methods. This visualization categorizes BEC attempts by their core methodology with temporal patterns demonstrating tactical evolution. Understanding these technique distributions helps organizations tailor verification procedures and employee training to address the most prevalent BEC methodologies.
2025 Global Threat Intelligence Snapshot
Humans continue to play a primary role in most breaches, whether it's falling victim to social engineering attacks or brand impersonation scams.
Advanced attack infrastructure
Attackers are Living Off Trusted Services (LOTS), using Microsoft's, Google's, and Evernote's cloud services to host payloads and landing pages.
Chaos via world events
Business, political, and cybersecurity experts have increasingly warned that geopolitical tensions and cybersecurity risks are linked, as cybercriminals use them to sow chaos.
AI enables cybercrime
The spread of AI chat bots allows even would-be cybercriminals to gain the skills necessary for hacking.
Threat Intelligence Notifications
Read the latest threat intelligence notifications and gain insight to better protect your organization.
-
HR Themed Campaign
21 November 2025Read More
Credential harvesting campaign through QR codes using Docusign and HR lures -
New Employee Phishing Campaign
05 November 2025Read More
FlowerStorm AiTM attack bypasses MFA using HR lures -
Australian Government Impersonation Campaign
17 October 2025Read More
Services Australia phishing targets credentials across multiple sectors -
Ukrainian Geopolitical Themed Campaign
17 October 2025Read More
Conflict-themed social engineering distributes commodity RATs regionally -
SharePoint CAPTCHA Phishing Campaign
17 October 2025Read More
Multi-stage SharePoint attack uses fake CAPTCHA for evasion -
HR Impersonation RMM Campaign
17 October 2025Read More
Employee handbook lures now deploy PDQConnect remote tools -
Malicious RMM Tool Campaigns
10 October 2025Read More
Phishing campaigns deploy illegitimate RMM tools -
NPM Phishing Campaign
03 October 2025Read More
Phishing escalates to autonomous worm deployment -
Australian Bank Callback Scam
24 September 2025Read More
Multi-bank impersonation using callback technique. -
Hospitality Phishing Campaign
8 September 2025Read More
Large-scale credential harvesting campaign targeting hospitality industry. -
ScreenConnect Credential Harvesting
25 August 2025Read More
Credential harvesting campaign targeting ScreenConnect cloud administrator accounts -
Awardco Phishing Campaign
18 August 2025Read More
Learn about an active phishing campaign impersonating AwardCo to obtain credentials. -
UK Home Office Phishing Campaign
12 August 2025Read More
Learn about an active phishing campaign targeting UK sponsor license holders. -
AI Powered BEC Campaign
11 August 2025Read More
BEC Invoice campaign using AI to generate fake threads -
Microsoft Direct Send Abuse
6 August 2025Read More
Phishing campaigns abusing Microsoft internal addresses -
Grandoreiro Infostealer Campaign
4 August 2025Read More
Info Stealer Campaign Targeting South America, Europe and Africa -
HTML Tag Obfuscation
21 July 2025Read More
Learn about the latest techniques involving HTML tags and how they are being abused -
Sextortion Scams
14 July 2025Read More
Invoicing and accounting services used to distribute sextortion scams -
Astaroth Infostealer Campaign
16 June 2025Read More
Info Stealer Campaign Targeting South America -
Tax and Accident Insurance Impersonation
3 June 2025Read More
Sophisticated German tax authority BEC campaign targets organizational payment systems -
Fake CAPTCHA Conceals Scattered Spider Attacks
22 May 2025Read More
Learn how counterfeit CAPTCHA challenges bypass security controls targeting SendGrid, Okta, and others -
OAuth Abuse
5 May 2025Read More
OAuth manipulation campaign redirects users to malicious data gathering page -
SVG Attachment Abuse
31 March 2025Read More
Malicious code is being embedded in SVG image attachments that redirect users to phishing sites when opened -
Mimecast Phishing Campaign
18 March 2025Read More
Mimecast-branded phishing campaign targeting real estate industry -
Captcha Obfuscation
10 March 2025Read More
How Javascript and captcha can obfuscate malicious content -
Impersonating Booking.com
24 February 2025Read More
Sendinblue is utilized to distribute infostealers -
Missed Package Delivery
12 February 2025Read More
Learn how Asian ISPs are unaware of compromised accounts sold on underground markets. -
Copyright Infringement - Infostealer
12 February 2025Read More
Emails sent through Gmail via a Mail-Merge are impersonating reputable law firms claiming an infringement of copyrights. -
Open Spoofing
12 February 2025Read More
Learn how an advanced threat actor is leveraging compromised consumer routers as proxies in large scale credential phishing campaigns. -
Copy and Paste URL
12 February 2025Read More
Learn how threat actors are convincing users to copy malformed links from an email and paste those them into their browsers. -
Facebook Account Takeover
29 January 2025Read More
A recent phishing campaign leverages a legitimate CMS to send fraudulent job offer emails combined with lookalike domains impersonating well-known brands. -
Targeted BEC Scam
17 December 2024Read More
Threat actors deploy deepfake using voice in sophisticated law firm impersonation campaign. -
Invoice Based BEC Threats
18 November 2024Read More
Prevent the payment of fraudulent ZipRecruiter and TeamViewer invoices. -
Awareness Training Impersonation
16 December 2024Read More
Prevent the loss of credentials to phishing scams impersonating Awareness Training platforms. -
Hiding with Turnstile Verification
7 November 2024Read More
The latest obfuscation techniques to hide malicious content behind turnstile verification techniques. -
Broado Info Stealer
14 October 2024Read More
Prevent the exfiltration of AWS and Github credentials. -
AI Generated Phishing Messages
30 September 2024Read More
Use the indicators in AI-written messages to improve phishing investigation. -
Cloud File Shares
2 August 2024Read More
Learn about new obfuscation techniques requiring user interaction to access malicious content. -
Online AI Tools
2 August 2024Read More
Learn about the impersonation of HR teams through the abuse of HTML attachments. -
Workspaces Abuse
2 August 2024Read More
Learn how to protect your organization and inform your users about the abuse of cloud file services. -
Phishing campaigns using re-written links
31 July 2024Read More
Protect yourself against the abuse of rewritten links in phishing campaigns -
Trustpilot URL Redirect Abuse
26 July 2024Read More
Learn about the abuse of Trustpilot links through SendGrid and associated IOCs. -
CrowdStrike Phishing Campaign
23 July 2024Read More
Access the list of URLs utilized across the targeted CrowdStrike campaigns. -
Telephone based threats
8 July 2024Read more
Read about the rise of telephone-based scams. -
QR Code Phishing
17 June 2024Read more
Read about ongoing phishing campaign using QR codes. -
LinkedIn Redirect Abuse
10 June 2024Read more
Read about the continued abuse of legitimate cloud services for credential harvesting.
Keep your edge in threat intelligence
Join thousands of security professionals who rely on our curated alerts, expert analysis, and campaign IOCs to defend against the latest cyber threats.
Sign up successful
Thank you for signing up to receive updates for our threat intelligence notifications.
We will be in touch!
Mimecast regional threat
intelligence webinars
Join us monthly as our regional experts unpack the latest cybersecurity insights that empowers you and your organization with the knowledge to navigate the landscape, learn from the field, and boost your security strategy.
Sign up for your
regional series
Join us monthly as our regional experts unpack the latest cybersecurity insights that empowers you and your organization with the knowledge to navigate the landscape, learn from the field, and boost your security strategy.
Watch on-demand
Missed any episodes? Watch every episode on demand to stay up to date with the latest news, trends, and threat intelligence.
RiskRadar Species
Detect, Analyze, Action
