ON LINE OPINION - Australia's e-journal of social and political debate


Dangerous email messages

By David Balaban - posted Thursday, 31 December 2020


In the era of IT giants who have been involved in cybersecurity for decades, it is difficult to create malware that can ignore the security mechanisms of modern information systems. Today, bypassing protection tools is harder than ever; however, one serious vulnerability remains virtually unchanged - humans. Let us talk about how people who are ignorant of digital security help hackers carry out malicious attacks through the email channel.

The digital world has been fighting malware for over 30 years. During this time, a huge number of antiviruses have been developed. Today, antivirus vendors use AI, cloud, and user signals to add new types of infections to their databases 24 hours a day.

Moreover, in addition to antiviruses, malware encounters many other layers of protection: all kinds of firewalls, security policies, CORS, HTTPS, and timely fixes of found vulnerabilities by operating system and application developers.

Although modern security systems are generally very reliable, we still have a huge, vulnerable component - a person. Kevin Mitnick, the well-known hacker who is now an information security consultant, wrote that it is much easier to hack a man than to bypass computer security systems.

Most big hacker attacks were effective due to people's inexperience and inattention. These days the best results (in terms of cost-benefit ratio) are provided by attacks that are aimed at tricking people into clicking malicious files or links sent via email.

Why do cybercriminals spread malware via email?

There are no Internet users who do not receive strange emails with subject lines like: "You won a million!" or "You received a money order" or "Please update your account information." Nowadays, such emails usually go to the junk mail folder, but spammers improve their tactics, and some emails may pass through the filters.

In fact, every Internet user is a target for malicious activity. Even if your device does not have valuable information, it is good for other tasks, such as mining cryptocurrencies or participating in botnets.

Hackers' income from infecting home devices is relatively small. Today, the main target of cybercriminals is the corporate sector. More and more companies fall victim to highly profitable attacks that involve cyber extortion.

Not all companies have built strong protection against attacks conducted with the help of email. Employees do not always receive training in identifying spam emails with malicious attachments. An inexperienced accountant clicking on a malware-laden attachment can lead to the encryption of the databases of the entire organization, which will result in huge losses.

In order to prevent unexpected financial and reputational losses, every business leader should think about ongoing training for his organisation.

The main mechanisms for spreading malware using email

Previously, cybercriminals used attachments with the .exe extension, but over time, it became obvious to most users that it was unsafe to click such files. Antiviruses and mail filters warned of the risks of infection, so hackers had to improve their tactics.

Today, malicious programs are carefully masked: the infection may come as part of less suspicious attachments, for example, inside .doc or .pdf files, or get downloaded after users mistakenly click a link located in the body of an email. Hackers hide real web addresses using homograph attacks. The messages are also disguised: they are carefully designed and do not differ from the usual business correspondence.

So, what types of attachments are most often used by cybercriminals today? Archives (.zip or .rar) represent four out of the ten most popular file formats used by phishers.

Antiviruses detect the bulk of dangerous attachments, so the problem is not limited to attachments alone. Attackers can also insert a JavaScript snippet into the message body that later downloads a malicious program.

Based on the above, I want to stress that when using the email channel, malware is mainly spread through attachments, as well as through links and scripts in the body of the email.

Popular types of malware spread by email

Ransomware

The goal of criminals is to encrypt valuable information on servers or client devices and demand payment from the victim for the decryption key. As a rule, crooks require victims to use Bitcoin or other cryptocurrencies to transfer the ransom payment.

Backdoors

Backdoors are programs that criminals install on a computer in order to be able to perform any action with it, for example, to control it remotely.

Miners

These are tools created for stealthy background mining of cryptocurrency. While the user is working with his device, the program does not show any tangible activity; however, when the computer is not in active use, the miner begins to exploit its computing resources.

Spyware

With the help of spyware, criminals obtain information about the user's actions. A typical example is a keylogger. It is designed to track keystrokes. Obviously, with the help of a keylogger, malefactors can get logins, passwords, etc.

Adware

Adware usually causes annoying pop-ups, page redirects and other ads. Adware is used to profit from advertising.

How to identify malicious attachments?

Most modern mail services and antivirus tools seek to protect their users from hacker attacks and use different filters and rules. Most emails with malicious attachments do not reach the end-user. Nevertheless, using various tricks, attackers bypass security systems and deliver malicious messages to addressees. In order not to become another victim of a cybercriminal, users need to be very attentive.

As a rule, attackers try to provoke immediate actions using headlines like "Urgent," "Past due invoice," etc. However, it is advised to act calmly, assessing the situation without haste, and adhering to the following algorithm:

  1. Take a close look at the "To" and "From" fields in the header of the letter. Is the recipient's address the same as yours? Do you know the sender? If you do not know whose email address it is, then this is most likely spam.
  2. Pay attention to the language and overall quality of the letter. Numerous spelling and grammatical errors and unclear logos should raise red flags.
  3. Be critical of urgency. If an email requires immediate action or tries to pique your curiosity, be very vigilant.
  4. Always question requests for confidential information. Do not reply to an unsolicited email asking you to enter login and password details, your name, or your date of birth. Reputable services never request this information via email.
  5. Check URLs. Many of the web links used in phishing campaigns look similar to legitimate website URLs but look odd on closer inspection. If the URL is hidden in a text link, hover your mouse over it and see where the link points.
  6. Stay away from unrecognizable file types. In most cases, only a few standard file types are sent as part of business email communications. If the file looks unusual, do not open it.
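
Steps 5 and 6 of this checklist, together with the homograph trick mentioned earlier, are the ones a mail filter can check mechanically. The following Python is an added example, not part of the original article; the extension allowlist, the flag names and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

USUAL_EXT = {"pdf", "docx", "xlsx", "txt", "png", "jpg"}  # assumed allowlist

class Links(HTMLParser):
    """Collect [href, visible text] for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

def host(url):  # lower-cased hostname of a URL or of bare text like "www.example.com"
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def triage(msg):
    """Flag odd attachments (step 6) and misleading links (step 5)."""
    flags = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.rsplit(".", 1)[-1].lower() not in USUAL_EXT:
            flags.append("unusual-attachment:" + name)  # only the last extension counts
        elif not name and part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href, text in parser.links:
                text = text.strip()
                if not host(href).isascii() or "xn--" in host(href):
                    flags.append("non-ascii-host:" + host(href))  # possible homograph
                if "." in text and " " not in text and host(text) != host(href):
                    flags.append("text-href-mismatch:" + text)
    return flags

def sample_message():  # constructed sample, not a real message
    m = EmailMessage()
    m.set_content('<a href="http://ex\u0430mple.com/login">www.example.com</a>',
                  subtype="html")  # \u0430 is Cyrillic 'a'
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="invoice.pdf.exe")
    return m
```

Calling `triage(sample_message())` reports the non-ASCII hostname, the link whose visible text names a different host than its target, and the attachment whose real extension is `.exe`.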

Conclusion

Despite its age, email remains the main distribution channel for malware these days. People still click malicious links and open strange file attachments. It is advised to be vigilant and check each letter carefully. If there are doubts about authenticity, it is good to call the sender. Stick to the email verification algorithm. Business owners who want to protect their companies from unexpected losses should teach their employees the basics of information security. The weakest link in any defense is always a human.


About the Author

David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project.


This work is licensed under a Creative Commons License.
