Can we still trust email?

By Linda Musthaler | December 30, 2014

Posted in: Network Security Trends

You'd better be extra vigilant as you read through your business emails these days. Cyber attackers are growing more tenacious in their use of corporate email systems to plant malware on networks. Here are a couple of proof points.

Symantec recently posted an article on its Security Response blog about attackers behind malicious spam campaigns turning to links embedded in email messages, rather than malicious attachments, as a way to fool recipients into downloading malware. Symantec reports a surge in the percentage of spam emails containing malicious links in recent months. In October 2014, just 7% of spam emails contained malicious links. That number spiked to 41% of spam emails in November 2014, and it continued to climb in December. The presumption is that attackers want to avoid security solutions that block and filter out harmful attachments.

Symantec warns that the embedded links use hijacked domains and have a URL path that leads to a PHP landing page. Clicking on the link often results in Trojan software being downloaded to the person's computer. These Trojans may download additional malware onto compromised computers, including the well-known information-stealing malware called Zeus.

Some of the common subject lines of these malicious spam emails have to do with fax or voice mail messages. Of course, subject lines of spam messages change frequently, so be cautious about any kind of unsolicited email messages with an embedded link or attachment.
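The two indicators described above (a fax or voice mail subject line and an embedded link whose URL path ends in a PHP page) can be turned into a simple mail triage check. The following is an added example, not code from Symantec or from this article; the function names, the regular expressions and the two sample messages (with `.example` domains) are constructed for illustration, and a match is a reason to review a message, not a verdict.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Assumed lure wording, based on the "fax or voice mail" subjects the article mentions.
LURE_RE = re.compile(r"\b(?:fax|voice\s?mail|voice message)\b", re.I)

def body_text(msg):
    """Concatenate every text/* part of the message, decoded to str."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    """Return the PHP-path links found and the heuristic flags that fired."""
    msg = message_from_string(raw_message)
    links = [u.rstrip(".,;)") for u in URL_RE.findall(body_text(msg))]
    # Test the URL *path* only, so a host such as php.example does not match.
    php_links = [u for u in links if urlparse(u).path.lower().endswith(".php")]
    flags = []
    if LURE_RE.search(msg.get("Subject", "")):
        flags.append("lure-subject")
    if php_links:
        flags.append("php-link")
    return {"php_links": php_links, "flags": flags}

# Constructed sample messages, not real spam.
SUSPECT = "\n".join([
    "From: scanner@mail.example",
    "Subject: New fax message received",
    "Content-Type: text/plain; charset=utf-8",
    "",
    "You have a new fax. View it: http://hijacked-site.example/docs/view.php?id=123.",
])
BENIGN = "\n".join([
    "From: colleague@corp.example",
    "Subject: Lunch on Friday",
    "Content-Type: text/plain; charset=utf-8",
    "",
    "Menu is at https://php.example/docs/menu.html",
])

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(raw))
```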

A much more dangerous type of malicious email message is one that appears to come from someone inside your own organization. Even if the message is unsolicited, it carries a measure of trust because of its apparent origin. This social engineering technique is being used to plant malware that provides a foothold deep inside enterprise networks, especially in the financial services sector. The technique is described in a recent report from Fox-IT and Group-IB.

The report explains that Russian and Eastern European hackers gain access to email servers and the communications moving through them. They are able to gain enough information about the employees and their internal communications to send a compromised message from one worker to another. When the recipient clicks on the link or attachment in a message that apparently has come from a known colleague, the resulting malware infection enables access to more vital areas of the network, such as payment systems.

Clearly it has gotten to the point where we have to be suspicious of every type of email message we receive—no matter who it seems to be from, or what the message contains.
