Malware in attachments? Stop it before it hits your organization's security


Seqrite Jun 04th 2018

Hackers and other criminals are increasingly using email attachments to deliver malware to their targets. Malware disguised as an email attachment finds an easy target: the recipient may open the attachment without being aware of the threat the email carries.

Malware authors continuously experiment with new tactics to disguise their malware as email attachments. The key objective is to make the email look “normal” and “non-suspicious”, which prompts the recipient to open the attachment without any suspicion.

Many types of malware are hidden in email attachments. Recently, Quick Heal Security Labs observed a malicious spam campaign that was spreading the SmokeLoader malware through email. Recipients would get an email about a “Website Job Application” with a password-protected archive attached. The password was given in the email itself. Extracting the archive yielded a doc file that was actually a malicious macro-laced document. If the macro was enabled, the malware would be installed on the user’s operating system.
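The delivery chain described above (password-protected archive, password in the mail text, Office document inside) can be flagged at a mail gateway without decrypting anything, because a standard encrypted ZIP still exposes its member names and per-file encryption flag. The following Python check is an added example, not Seqrite's or Quick Heal's code; the keyword and extension lists, the file names and the sample message are constructed assumptions.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

PASSWORD_HINT = re.compile(r"\b(password|passcode|pwd)\b", re.I)  # assumed keyword list
OFFICE_EXT = (".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm")  # assumed: macro-capable types

def encrypted_members(data):
    """Names of ZIP members whose 'encrypted' flag (general-purpose bit 0) is set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []  # not a ZIP (or corrupt): nothing to report here

def triage(raw):
    """Findings for one raw message: encrypted archive, password in body, Office file inside."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    findings = []
    for part in msg.iter_attachments():
        names = encrypted_members(part.get_payload(decode=True) or b"")
        if not names:
            continue
        findings.append(f"encrypted archive: {part.get_filename()}")
        if PASSWORD_HINT.search(text):
            findings.append("password supplied in message body")
        findings += [f"office document inside: {n}" for n in names
                     if n.lower().endswith(OFFICE_EXT)]
    return findings

def sample_message(encrypted=True):
    """Constructed sample: harmless ZIP whose encryption flag is set by patching headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("resume.doc", b"placeholder, not a real document")
    z = bytearray(buf.getvalue())
    if encrypted:
        z[6] |= 1                           # local file header: flags at offset 6
        z[z.find(b"PK\x01\x02") + 8] |= 1   # central directory header: flags at offset 8
    msg = EmailMessage()
    msg["Subject"] = "Website Job Application"
    msg.set_content("Please see my application attached. Password: 1234")
    msg.add_attachment(bytes(z), maintype="application", subtype="zip",
                       filename="application.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```

Only ZIP is handled here; archive formats that also encrypt their file names reveal nothing beyond the fact that they are encrypted, so for those the first two findings are the ones to act on.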

Network administrators should worry about the havoc and destruction an infected email attachment can cause. A few steps they can take to prevent such a worrisome scenario are:

Usage Policy

Every organization must have a proper, defined usage policy which its employees are trained and educated in. This policy should deal with all aspects of cybersecurity, including online browsing and the downloading of files and attachments. The policy must clearly define the actions users should take when faced with suspicious attachments. Keeping a policy like this will ensure that employees are held accountable for any kind of unreasonable usage.

Implement and use Backup

Backup solutions have become increasingly important for organizations, whether big or small. In the worst-case scenario of a user mistakenly or deliberately downloading an infected attachment and installing malware on the network, a good backup solution can alleviate a lot of the damage. That, however, requires planning and implementation. Organizations must put a strong backup policy in place and ensure their data is backed up at regular intervals, so that it can be recovered in the case of a malware attack.

Regular updates

It is extremely important for network administrators to ensure that their systems receive regular updates and patches. This allows the systems to stay secure against malware delivered in the form of attachments.

User Training

It is a truth in every cybersecurity discussion that humans are the weakest link. And in this case, network administrators must ensure that their employees are trained in the best possible way to detect suspicious attachments. These trainings must be regular and compliance must be noted. Employees must be trained on how to detect suspicious email attachments, the warning signs of one, what to observe and what action to take if they are suspicious of an email.

A Strong Anti-Malware Solution

This is probably among the most important steps a business owner or a network administrator must take towards securing their network. A strong anti-malware solution should ideally come with an Email Protection feature, both at the network and endpoint level. Seqrite’s Unified Threat Management (UTM) solution offers a first line of defence against threats. The Gateway Mail Protection feature scans inbound and outbound email messages and email attachments. The Attachment Control feature also allows scanning of the files that can be attached and sent or received in an email.

At the endpoint level, Seqrite’s Endpoint Security (EPS) solution offers a simple and comprehensive platform to manage all the endpoints. Email Protection allows network administrators to apply protection rules to all incoming emails. These rules could include blocking infected attachments in the emails.