September 3, 2015 By Rick M Robinson 2 min read

Malicious attachments are making a comeback. These are email attachments, typically purporting to be documents or spreadsheets, that are laden with malware. Clicking on the attachment allows the malware to infect the user’s computer — from which it can spread to others in the same network, potentially infecting an entire company.

Malicious email attachments never went away, but as recently as last year cybercriminals preferred to deliver malware through Web links to unsuspecting victims. Attachments, however, can evade many of the defenses erected against malicious URLs, and in the social media age they can be targeted at thousands of users and spread across networks within hours.

Bait for Spear Phishing

As Karen A. Frenkel reported at CIO Insight, malicious attachments in emails are on the upswing. And while the total amount of spam email has been reduced substantially in the last year — thanks to the successful takedown of several botnets used for propagating spam — this new breed is more dangerous.

Malicious attachments are an old technique, but cybercriminals have gone back to it because it offers several advantages. Malware in email attachments can be platform-agnostic, running on practically any computer that loads it. It evades the reputation-based Web defenses that have been developed to identify suspicious URLs. And an email attachment can have any title or file format, allowing it to bypass most automated detection.

Malicious Attachments Target the User

Also adding to the risks from today’s malicious attachments are developments that have made email-based attacks more effective. The most important of these is the rise of so-called spear phishing, or targeted email attacks.

Unlike old-style phishing like the poor foreign widow emails of yore, spear phishing is targeted to particular individuals or occasions. For example, a spear phishing email may be addressed to the intended victim by name rather than a generic header such as “Dear Customer.” The result is that people are more likely to trust the email, click the link and infect their computers and networks.

Attackers are also leveraging social media both to gain targeting information such as people’s names and to access more potential targets. For example, spear phishing attacks geared to a high-profile event such as the Super Bowl can easily reach tens of thousands of victims via social media. And cybercriminals are also directing more such attacks at businesses. They know that a single mistaken click can expose the entire organization to attack.

Defense Against Spear Phishing

Because spear phishing, like other forms of social engineering, exploits the human factor, there is no purely technical defense. The best protection comes from user awareness of the threat and a corresponding wariness of emails that seem unusual or odd.

But big data analytics is also emerging as an effective tool for protection. By tracking large volumes of traffic, dynamic and predictive malware analytics can identify malicious attachments based on suspicious patterns that previously would have eluded detection. Combining analytics with digital forensics and effective use of such basic tools as archiving can help organizations detect malicious attachments before they do their damage.
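The points above about attachments bypassing URL-reputation defenses and carrying "any title or file format" have a simple defensive counterpart: screen each attachment by what its bytes actually are, not by what its name claims. The following is an added example, not code from the article or from IBM: a small triage routine that parses a MIME message with Python's standard `email` library, sniffs each attachment's leading bytes, and flags executable extensions, double extensions, macro-enabled Office formats, and mismatches between the declared extension and the sniffed type. It also records a SHA-256 hash of every attachment, the kind of value an archiving or forensics pipeline would keep. The signature table, extension lists and the sample message are constructed for illustration and are deliberately incomplete.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Leading-byte signatures for a few container formats (constructed, illustrative
# table; a production screen would use a full file-type library).
SIGNATURES = {
    b"MZ": "pe-executable",                                # Windows PE (.exe/.scr/.dll)
    b"PK\x03\x04": "zip-container",                        # also OOXML (.docx/.xlsx) and .jar
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole-compound",   # legacy .doc/.xls
    b"%PDF": "pdf",
}

# Which sniffed kinds are plausible for a declared extension (constructed).
EXPECTED = {
    "pdf": {"pdf"},
    "docx": {"zip-container"}, "xlsx": {"zip-container"}, "zip": {"zip-container"},
    "doc": {"ole-compound"}, "xls": {"ole-compound"},
}
EXECUTABLE_EXT = {"exe", "scr", "pif", "com", "js", "vbs", "bat", "cmd", "hta"}
MACRO_EXT = {"docm", "xlsm", "pptm"}
DOCUMENT_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes; 'unknown' if no signature matches."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> list:
    """Return the list of findings for one attachment (empty list = nothing suspicious)."""
    findings = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    kind = sniff(data)
    if ext in EXECUTABLE_EXT:
        findings.append("executable-extension")
    if ext in MACRO_EXT:
        findings.append("macro-enabled-document")
    # "invoice.pdf.scr": a document-looking name hiding an executable extension
    if len(parts) > 2 and parts[-2] in DOCUMENT_EXT and ext in EXECUTABLE_EXT:
        findings.append("double-extension")
    # PE bytes behind a non-executable name
    if kind == "pe-executable" and ext not in EXECUTABLE_EXT:
        findings.append("executable-content-disguised")
    # Declared format and sniffed format disagree
    if ext in EXPECTED and kind not in EXPECTED[ext]:
        findings.append(f"type-mismatch:{ext}!={kind}")
    return findings


def triage_message(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and triage every attachment part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        results.append({
            "filename": name,
            "sha256": hashlib.sha256(data).hexdigest(),  # for archiving / later lookup
            "kind": sniff(data),
            "findings": triage_attachment(name, data),
        })
    return results


def build_sample() -> bytes:
    """Constructed sample message with one benign and three suspicious attachments."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "pat@example.invalid"
    msg["Subject"] = "Invoice for Pat"
    msg.set_content("Hi Pat, please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4\n%fake-pdf-body", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="pdf", filename="invoice.pdf.scr")
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 26, maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="report.docm")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="pdf", filename="statement.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for r in triage_message(build_sample()):
        print(r["filename"], r["kind"], r["findings"], r["sha256"][:16])
```

Running the block on the constructed message reports nothing for `invoice.pdf`, an executable plus double extension for `invoice.pdf.scr`, a macro-enabled document for `report.docm`, and both a disguised executable and a type mismatch for `statement.pdf`. The declared MIME subtype is deliberately ignored, since the sender controls it; the sniffed bytes and the filename are compared against each other instead.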
