Malicious Attachments Remain a Cybercriminal Threat Vector Favorite

CyberPanther

Level 7
Thread author
Verified
Well-known
Oct 1, 2019
303
Malicious attachments continue to be a top threat vector in the cybercriminal world, even as public awareness increases and tech companies amp up their defenses.
While attachment threat vectors are one of the oldest malware-spreading tricks in the books, email users are still clicking on malicious attachments that hit their inbox, whether it’s a purported “job offer” or a pretend “critical invoice.”
The reason why threat actors are still relying on this age-old tactic, researchers say, is that the attack is still working. Even with widespread public awareness about malicious file attachments, attackers are upping their game with new tricks to avoid detection, bypass email protections and more. The attack vector is still widespread enough where tech giants are re-inventing new ways to try to stomp it out, with Microsoft just this week rolling out a feature for Office 365 that aims to protect users against malicious attachments sent via email, for instance.
“Email attachments, such as PDF or Office files, are an easy vector to deliver malicious content to end users,” Mohit Tiwari, Co-Founder and CEO at Symmetry Systems, told Threatpost. “For enterprises, the risk is that malicious actors can use these attachments to establish a toe-hold at the outermost edges of the enterprise, and then wait and wind their way to the crown jewels in their data stores.”
New Tactics
The 2020 Verizon Data Breach Investigations Report (DBIR) found that email attachment is a top malware vector that leads to data breaches, with almost 20 percent of malware attacks being deployed via email attachments. Email links are the top vector with 40 percent of attacks using this method.
While malware-laced attachments such as ZIPs, PDF, and MS office files (including DOC and XLSM file attachments) are more commonly used attachments, researchers warn that threat actors are starting to look to newer attachments – like disc image files (ISO or IMG files that store the content and structure of an entire disk, like a DVD or Blue-Ray) – as a way to increasingly spread malware.

 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top