Malicious attachments are making a comeback. These are email attachments, typically purporting to be documents or spreadsheets, that are laden with malware. Clicking on the attachment allows the malware to infect the user’s computer — from which it can spread to others in the same network, potentially infecting an entire company.

Malicious email attachments never went away, but as recently as last year, cybercriminals preferred to use Web links to deliver malware to unsuspecting victims. But attachments can evade many of the defenses erected against malicious URLs. And in the social media age, they can be targeted to thousands of users and spread across networks within hours.

Bait for Spear Phishing

As Karen A. Frenkel reported at CIO Insight, malicious attachments in emails are on the upswing. And while the total amount of spam email has been reduced substantially in the last year — thanks to the successful takedown of several botnets used for propagating spam — this new breed is more dangerous.

Malicious attachments are an old technique, but cybercriminals have gone back to it because it offers several advantages. Malware in email attachments can be platform-agnostic, running on practically any computer that loads it. It evades the reputation-based Web defenses that have been developed to identify suspicious URLs. And an email attachment can have any title or file format, allowing it to bypass most automated detection.

Malicious Attachments Target the User

Also adding to the risks from today’s malicious attachments are developments that have made email-based attacks more effective. The most important of these is the rise of so-called spear phishing, or targeted email attacks.

Unlike old-style phishing like the poor foreign widow emails of yore, spear phishing is targeted to particular individuals or occasions. For example, a spear phishing email may be addressed to the intended victim by name rather than a generic header such as “Dear Customer.” The result is that people are more likely to trust the email, click the link and infect their computers and networks.

Attackers are also leveraging social media both to gain targeting information such as people’s names and to access more potential targets. For example, spear phishing attacks geared to a high-profile event such as the Super Bowl can easily reach tens of thousands of victims via social media. And cybercriminals are also directing more such attacks at businesses. They know that a single mistaken click can expose the entire organization to attack.

Defense Against Spear Phishing

Because spear phishing, like other forms of social engineering, exploits the human factor, there is no purely technical defense. The best protection comes from user awareness of the threat and a corresponding wariness of emails that seem unusual or odd.

But big data analytics is also emerging as an effective tool for protection. By tracking large volumes of traffic, dynamic and predictive malware analytics can identify malicious attachments based on suspicious patterns that previously would have eluded detection. Combining analytics with digital forensics and effective use of such basic tools as archiving can help organizations detect malicious attachments before they do their damage.

more from Malware

Hive0117 Continues Fileless Malware Delivery in Eastern Europe

Through continued research into the ongoing cyber activity throughout Eastern Europe, IBM Security X-Force identified a phishing email campaign by Hive0117, likely a financially motivated cybercriminal group, from February 2022, designed to deliver the fileless malware variant dubbed DarkWatchman. The campaign masquerades as official communications from the Russian Government’s Federal Bailiffs Service, the Russian-language emails […]