How Phishing Emails are Weaponized

Category: Blog, Security  |  Wednesday, April 11th, 2018

Email: can’t live with it, can’t live without it. The truth is, we can’t do business without email these days, and yet email does us no favors in the cyber security realm.

Email is by far the most popular attack vector used by criminals to carry out targeted cyber attacks. On any given day, more than 90 percent of cyber attacks begin with a phishing email campaign. It is the path of least resistance for a cyber criminal to enter a network and execute tactics to accomplish criminal intent: stealing data, delivering a malicious payload or phishing for credentials.

Exploiting common human weaknesses through social engineering, the strategy of these cyber criminals is highly sophisticated and targeted. While email is a principal collaborative tool for sharing documents, such as PDFs and Microsoft Word files, and URLs, it can also be turned into a weaponized tool for delivering malware. Over time, phishing has evolved right along with email, following user behavior.

How Email Attachments are Weaponized
File attachments, such as Microsoft Word documents and Adobe PDFs, can contain embedded URLs, macros and scripts. This makes it possible for these files to behave as executable malware. These malicious file attachments are used as delivery vehicles for ransomware and other zero-day threats. According to SonicWALL, here are some of the most popular methods by which files are weaponized:

Embedded Macros and Scripts that Hide Malicious Payloads
First, attackers embed a macro that obfuscates malicious payloads in the document. They then use personal information gathered through social engineering to mislead the user into enabling the macro content to run and infect the victim’s computer. These exploits take advantage of software vulnerabilities and then launch the intended payload to infect the computer.

Embedded Macros and Scripts that Download Malware from External Sites
Documents can also be embedded with scripts that call external Command & Control (C&C) servers or websites to download malware inconspicuously. Often, these downloaded payloads take the form of ransomware, trojans, infostealers or botnets that make your system part of the malicious networks that carry out attacks on behalf of cyber criminals.

Fake Attachments and Embedded links
In some cases, attackers send documents or fake attachments, such as a PDF or a Word file, with embedded URLs. After clicking on the URL, the victim is redirected to a sign-in page that looks and feels authentic. These sign-in pages are well crafted and designed to deceive even educated users. Unsuspecting victims often fall prey by entering their credentials into the sign-in page.
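The three methods above share two observable traits: a VBA project inside the document and relationship entries whose target lies outside the package. The following inspector is an added example (not code from this post or from SonicWall) that checks an OOXML attachment for both; it builds its own constructed sample file, and the URL and placeholder VBA bytes in it are assumptions, not real indicators.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import Dict, Optional

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
HYPERLINK_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"


def build_sample_docx(with_macro: bool, external_url: Optional[str]) -> bytes:
    """Constructed test input: only the OOXML parts the inspector looks at."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        rels = [f'<Relationships xmlns="{RELS_NS}">']
        if external_url:  # an embedded link stored as an external relationship
            rels.append(f'<Relationship Id="rId9" Type="{HYPERLINK_TYPE}" '
                        f'Target="{external_url}" TargetMode="External"/>')
        rels.append("</Relationships>")
        zf.writestr("word/_rels/document.xml.rels", "".join(rels))
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project stream.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder")
    return buf.getvalue()


def inspect_attachment(data: bytes) -> Dict[str, object]:
    """Indicators a mail gateway would log for an Office attachment: whether a
    VBA project part exists and which relationship targets leave the package."""
    report: Dict[str, object] = {"ooxml": False, "has_vba_project": False,
                                 "external_targets": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return report  # legacy binary .doc/.xls, or not a document at all
    report["ooxml"] = True
    targets = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.lower().endswith("vbaproject.bin"):
                report["has_vba_project"] = True
            elif name.lower().endswith(".rels"):
                root = ET.fromstring(zf.read(name))
                for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                    if rel.attrib.get("TargetMode") == "External":
                        targets.append(rel.attrib.get("Target", ""))
    report["external_targets"] = targets
    return report


def should_sandbox(report: Dict[str, object]) -> bool:
    """Policy hook: route to sandbox analysis when a macro or external link exists."""
    return bool(report["has_vba_project"] or report["external_targets"])
```

A real gateway would pair this static triage with the sandbox and URL analysis described later in the post, since a macro-free document can still download its payload at open time through other mechanisms.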

How to Stop Phishing and Other Email Attacks
Email security is no longer just about blocking mass spam and phishing campaigns. The above incidents indicate the evolution of how cyber criminals use email as a threat vector, and how they use the versatility of PDFs and Microsoft documents to their advantage.

These are advanced email threats that are carefully planned and highly targeted attacks. Traditional anti-spam and signature-based anti-malware simply cannot stop these attacks.

A multi-layered security approach provides the best defense against these email threats. The layers should include advanced threat protection features, such as sandbox analysis for email file attachments and embedded URLs, and email authentication technologies such as SPF, DKIM and DMARC.

It is also true that not all sandboxes offer equal protection. The cloud-based SonicWall Capture Advanced Threat Protection (ATP) service blocks the most evasive malware with its multi-engine approach.

Capture ATP now includes the recently announced, patent-pending Real-Time Deep Memory Inspection (RTDMI™) technology. RTDMI blocks malware that does not exhibit any malicious behavior or that hides its weaponry via encryption.

By forcing malware to reveal its weaponry in memory, the RTDMI engine proactively blocks mass-market, zero-day threats and unknown malware using real-time memory-based inspection techniques. This means that, by design, RTDMI can sniff out malware that threat actors have obfuscated within PDF files and Microsoft Office documents.

With high performance, fast scan times and block-until-verdict capability, Capture ATP offers comprehensive protection against advanced cyber threats.

If you need assistance with a cyber security solution give EnhancedTECH a call at 714-970-9330 or contact us at [email protected]

source image: https://www.pexels.com/photo/low-angle-photo-of-glass-buildings-2599538/
