In the last 90 days, Cofense has identified tens of thousands of malicious emails that successfully evaded “secure” email gateways
Cofense®, the global leader in intelligent phishing defense solutions, today launched a comprehensive resource center and easy-to-use Real Phishing Threats searchable database to help organizations see the phishing threats that slip past their secure email gateways (SEG). In a world where hackers and threat actors constantly innovate and use tried-and-true tactics to stay one step ahead of detection, a multi-layered approach to email security is essential. In 2019, the Cofense Phishing Defense Center® analyzed 1.9 million suspicious emails that landed in employee inboxes across the globe, one in seven of which were found to be malicious.
Built on the world’s largest data lake of phishing threats found by real people, Cofense combines the power of collective human detection and intelligence with automated response, enabling teams to stop phishing attacks rapidly after they have evaded perimeter technologies. To help organizations bolster their defenses, Cofense is revealing the phishing emails that bypass SEGs every single day as well as the steps organizations can take to empower their employees and security teams to detect, report, analyze and quickly neutralize these threats.
n the last 90 days alone, Cofense has found:
- 31,231 malicious emails in environments protected by Microsoft Office 365
- 13,610 malicious emails in environments protected by Proofpoint
- 9,356 malicious emails in environments protected by Mimecast
- 2,936 malicious emails in environments protected by Symantec
“Several organizations view SEGs as a panacea to their email security woes. These technologies fail to deliver on their promise every day,” said Rohyt Belani, chief executive officer and cofounder, Cofense. “All SEG vendors including Proofpoint, Microsoft, Symantec, Mimecast and Cisco, to name a few, are circumvented every day by even commonplace phishing attacks that use years old malware and credential harvesting tricks. Cofense provides a modern phishing defense and response solution that relies on 23 million humans across the globe for detection, making it impossible for attackers to model their threats. We then leverage machine learning and automation to help our customers rapidly identify the full scope of the attacks and neutralize them before incidents evolve to breaches.”
SEGs are the most common type of perimeter technology used to stop spam and malicious email from landing in user inboxes, but they fall short every day for several reasons. According to the 2020 Verizon Data Breach Investigations Report, phishing is the top tactic used by adversaries to breach networks, and 92% of all malware is distributed via email according to a recent Cisco report. While SEGs can be tuned to validate senders, they cannot always defend against both tried-and-true and emerging tactics not seen before. Today’s phishing emails tend to use multiple stages of packing and obfuscation, rendering signature-based detection useless. Using real email accounts and legitimate websites, threat actors launch attacks and profit within hours. Not to mention, business email compromise (BEC) relies on email conversation, not URLs or other elements SEGs look for, to scam organizations out of billions every year.
Cofense will continue to regularly update its SEG Infocenter with the latest examples of real phish that have evaded email security technologies along with additional resources and intelligence related to SEG misses. For a limited time, organizations can also stay on top of the latest threats that are confirmed to have reached employees inboxes with 90 days of free access to Cofense Intelligence™, human-vetted, strategic and tactical intelligence that helps organizations inform their phishing defense strategy.
For in-depth analysis of phishing threats, visit the Cofense blog, and register for Cofense’s webinar on June 24, 2020 at 9 a.m. Pacific/11 a.m. Eastern to hear about the promise of SEGs, the methods threat actors use to evade them, and how organizations can leverage technology and human intelligence to succeed where SEGs fail.