Report: Credential harvesting attacks target Virtru, Mimecast and Proofpoint

Written by Tshedimoso Makhene | December 19, 2024

What happened

A new report from phishing defense company Cofense Inc. shows cybercriminals are leveraging the credibility of trusted email security providers, including Proofpoint, Mimecast, and Virtru, to execute sophisticated phishing attacks. These campaigns trick recipients into divulging sensitive credentials through fake email attachments, phishing links, and credential-harvesting tactics.

Imitating well-known companies' branding and email content boosts the chances that victims will trust malicious emails and engage with harmful material. The report documents numerous examples of these tactics, showing how attackers compromise sensitive data and infiltrate organizations.

Going deeper

Cofense researchers highlighted several examples of the techniques threat actors are using:

Proofpoint: Attackers crafted highly convincing emails that mimicked Proofpoint’s secure email branding. These emails included embedded links or HTML attachments that redirected victims to fake login pages. Unsuspecting recipients who entered their credentials on these counterfeit sites inadvertently handed over access to sensitive accounts.
Mimecast: Similarly, phishing campaigns targeted Mimecast users with malicious emails containing fake attachments and cleverly worded messages. Despite appearing legitimate, these emails often exhibited subtle red flags, such as mismatched sender domains and the use of free email services like Gmail.
Virtru: Phishing emails targeting Virtru users included embedded links to Google Docs that replicated Virtru’s branding. These links directed users to counterfeit login pages designed to harvest credentials under the guise of secure email access.

The top email security trends that organizations need to look out for are:

Credential phishing
The use of QR codes in phishing campaigns
Threat actors using brand imitation and vishing tactics
Malware strategies continue to advance with several notable families emerging as major threats:
- DarkGate and PikaBot
- Emotet/Geodo
- Agent Tesla
- FormBook
- Snake Keylogger

What was said

Cofense credits its insights to a global network of over 35 million trained employees reporting threats around the clock and proprietary data with a 99.998% accuracy rate. “No one else has over a decade of insights and intelligence into the threats that every SEG misses,” the report emphasizes.

The Cofense report highlights the ineffectiveness of many secure email gateways (SEGs) in stopping modern phishing attacks. “In 2023, malicious email threats bypassing secure email gateways increased by more than 100%. In other words, your email security solutions aren’t stopping the threats you think they are,” the report states.

“This year, credential phishing threats increased by 49% over 2022,” Cofense said. “Organizations cannot settle for ‘good enough’ email security. It only takes one breach to damage a company’s financial status, brand reputation, and relationship with its employees and customers.”

Cofense advocates for a holistic email security approach, combining advanced threat detection, rapid response systems, and employee training. “Today’s organizations must condition employees to identify and report malicious emails while deploying industry-leading solutions to identify and remediate threats actively bypassing SEGs.”

Looking forward, the report stresses that the evolving cybersecurity landscape demands vigilance. “The best way to secure your organization from these attacks is an end-to-end email security solution. Our combination of Security Awareness Training and Threat Detection and Response helps stop malicious threats before they become detrimental to data security.”

By the numbers

104.5% increase in malicious emails bypassing SEGs per customer in 2023.
1 malicious email per minute was detected, bypassing customers’ SEGs.
67% growth in credential phishing volume compared to 2022, solidifying it as the primary phishing threat.
91% of active threat reports were linked to credential phishing in 2023.
331% rise in phishing campaigns using QR codes to bypass SEGs.
90% of data breaches originated from phishing emails, confirming email as the top vector for cybercrime.
84.5% and 118% increases in malicious emails bypassing SEGs in healthcare and finance industries, respectively.
Industry-specific bypass increases (2022–2023):
- Finance (118%) and healthcare (85%) were the main targets with dramatic growth in malicious email bypass rates.
- New targets include real estate and management with significant bypass increases of 212% and 177%, respectively
197% surge in malicious emails bypassing Cisco SEGs, the highest among providers.
Other SEG bypass rates:
- 141% for Google G Suite
- 101% for Microsoft ATP
- 89% for Fortinet
- 75% for Proofpoint
- 35% for Mimecast
- 31% for TrendMicro
Powered by 35 million Cofense-trained employees, Cofense’s phishing detection and response (PDR) uncovered:
- 800,000 unique malicious email campaigns in two years.
- Over 1.5 million malicious emails detected globally.
- A 37% increase in malicious threats in 2023 compared to 2022.
- A 310% increase in malicious threats compared to 2021.

Why it matters

These attacks are symptoms of broader portal-based security vulnerabilities. Portals requiring user logins create opportunities for spoofing and phishing, which could be mitigated by adopting encrypted email solutions like Paubox that do not rely on login credentials.

As the sophistication of phishing attacks continues to evolve, it is increasingly outpacing traditional defenses like SEGs. To stay ahead of cyber threats, organizations must adopt advanced detection and response tools that protect sensitive data and minimize the growing risks posed by credential phishing, particularly in industries like healthcare and finance.

View full post