Email: An eternal tool, eternal threats
Wednesday, May 5, 2021
Email is considered to be one of the oldest forms of digital communication—its technological foundation was laid over 50 years ago! Despite its respectable age even by the standards of a rapidly developing industry, it remains to this day a popular means of communication for millions of people around the world. Even in an era of instant messengers, having one’s own mailbox is almost a mandatory attribute of any Internet user. But email occupies an especially strong position in the corporate segment. Almost all official correspondence, both external and internal, is received and sent via email. This never-ending popularity has a flip side: email has been an object of scrutiny for criminals from practically the first day cybercrime appeared. In today's issue, we will talk about the main threats that users most often encounter in mail traffic.
Earlier in our news posts, we wrote about phishing attacks targeting corporate users in a number of organisations. The email messages carried an embedded trojan that covertly installed and launched Remote Utilities, a legitimate tool for remote computer management. Such incidents are common: attackers often use email as the entry point from which they go on to infect the network infrastructure of the organisations they target. This works because basic information security rules continue to be ignored, and email remains a simple and effective way into a corporate network.
Using corporate email for personal purposes also carries serious risks: spam, phishing and unwanted advertising have long been a fixture of mail traffic. It is noteworthy that, according to our statistics, malicious programs (trojans, backdoors, bankers, stealers, encryption ransomware, etc.) are among the most common threats found in mail traffic. They are usually distributed indiscriminately: attackers simply send them to addresses taken from leaked databases, expecting that some recipients are sure to open a dangerous attachment.
It sounds straightforward, but infections usually happen because users themselves run an unknown malicious file! Most often, these files are disguised as useful attachments, for example a document, an archive or an installer. To confuse their victims, criminals use simple techniques: they give an executable file the icon of a document, or they hide the real extension of the file being launched (for example, Super important document.doc_______________________________.exe, where the long run of underscores pushes the .exe past the visible part of the file name).
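As an added example (not code from the article or from Doctor Web), here is a check that flags the file-name tricks described above. It goes slightly beyond the text by also catching the Unicode right-to-left override (U+202E), which reverses the displayed tail of a name so that a file called photo[U+202E]gnp.scr is shown as photorcs.png. The extension lists and the sample file names are constructed for this example.

```python
import re

# Constructed lists for this example (not from the article): extensions that
# Windows runs directly, and document types attackers like to imitate.
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "js", "vbs", "msi", "hta", "lnk"}
DOCUMENT_EXTS = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "txt", "rtf", "jpg", "png"}

# Unicode bidirectional override/isolate characters. U+202E (RTLO) makes
# "photo\u202egnp.scr" render as "photorcs.png" in many mail clients.
BIDI_OVERRIDES = {"\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}


def real_extension(filename: str) -> str:
    """The extension the OS acts on: the last dotted token, with the
    whitespace/underscore padding attackers use to push it off-screen removed."""
    if "." not in filename:
        return ""
    return filename.rsplit(".", 1)[1].strip(" _\t").lower()


def analyse_attachment_name(filename: str) -> list:
    """Return the list of disguise techniques found in one attachment name."""
    findings = []
    ext = real_extension(filename)
    if ext in EXECUTABLE_EXTS:
        findings.append("executable")

    # "report.doc.exe": a document extension placed in the middle of the name
    inner = [t.strip(" _\t").lower() for t in filename.split(".")[1:-1]]
    if ext in EXECUTABLE_EXTS and any(t in DOCUMENT_EXTS for t in inner):
        findings.append("double-extension")

    # "report.doc______.exe": padding pushes the real extension out of view
    if re.search(r"[ _\t]{5,}\.[^.]+$", filename):
        findings.append("padded-extension")

    # A right-to-left override flips the visible order of the end of the name
    if any(c in filename for c in BIDI_OVERRIDES):
        findings.append("bidi-override")

    return findings


if __name__ == "__main__":
    # Constructed sample names, including the one quoted in the article
    for name in (
        "Super important document.doc_______________________________.exe",
        "photo\u202egnp.scr",
        "quarterly_report.docx",
    ):
        print(repr(name), "->", analyse_attachment_name(name) or "looks ordinary")
```

The check is deliberately name-based; it tells the user what the client would hide, and it should be paired with inspection of the file's actual content type, since a document can still carry a malicious macro.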
Another frequent error that users make is following unknown links in email messages. Typically, such links take users to sites controlled by attackers. Depending on the scenario, a site could:
- Be a phishing site designed to steal credentials and other data.
- Serve malicious payloads that are downloaded to the user's device.
- Run a malicious script in the browser (for example, to monitor further user activity on this site).
Let's return to the threats that employees can encounter when using email. Another interesting scenario is so-called reconnaissance, an activity undertaken when preparing an attack on a targeted organisation. Hackers send an email message without attachments but with images (often hidden 1-pixel images) that are loaded from servers controlled by the criminal group. When the mail client fetches such an image, the criminals learn that the message was opened. The request that reaches their server can carry the recipient's IP address, the identification (User-Agent) string of the mail client, information about the operating system, and so on. The gathered information is used to prepare the main stage of the attack.
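An added example, not from the article, that applies the two observations above (links that lead to attacker-controlled sites, and remote images used as beacons) to an HTML message body. It reports every remote image, since each fetch tells the sender's server the recipient's IP address, mail client and OS, flags the ones sized or styled to be invisible, and, going beyond the text, lists links whose visible text is a URL on a different host than the real target. The sample HTML and all host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body (not a real capture): an inline logo, a hidden
# tracking pixel on an attacker-controlled host, an ordinary remote banner,
# and a link whose visible text does not match its target.
SAMPLE_HTML = """<html><body>
<p>Hello, please review the attached invoice.</p>
<img src="cid:logo@corp.example" width="120" height="40">
<img src="http://track.example.net/o.gif?u=a1b2c3" width="1" height="1" style="display:none">
<img src="https://cdn.example.org/banner.png" width="600" height="100">
<p>Or open it here: <a href="http://login.corp-example.co/inv">https://portal.corp.example/inv</a></p>
</body></html>"""


class MailHtmlScanner(HTMLParser):
    """Collect remote <img> loads and <a> links with their visible text."""

    def __init__(self):
        super().__init__()
        self.remote_images = []   # (src, looks_like_tracking_pixel)
        self.links = []           # (href, visible_text)
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            src = (a.get("src") or "").strip()
            if not urlparse(src).netloc:
                return            # cid:, data: and relative paths do not phone home
            w = (a.get("width") or "").strip().rstrip("px")
            h = (a.get("height") or "").strip().rstrip("px")
            style = (a.get("style") or "").replace(" ", "").lower()
            tiny = w in ("0", "1") or h in ("0", "1")
            hidden = any(s in style for s in ("display:none", "visibility:hidden", "opacity:0"))
            self.remote_images.append((src, tiny or hidden))
        elif tag == "a":
            self._href, self._text = (a.get("href") or "").strip(), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def scan_html_body(html: str) -> dict:
    """Summarise what opening this body would reveal and where its links go."""
    p = MailHtmlScanner()
    p.feed(html)
    p.close()
    pixels = [src for src, flagged in p.remote_images if flagged]
    deceptive = [
        href for href, text in p.links
        if urlparse(text).netloc and urlparse(text).netloc != urlparse(href).netloc
    ]
    return {
        "remote_images": [src for src, _ in p.remote_images],
        "tracking_pixels": pixels,
        "beacon_hosts": sorted({urlparse(s).netloc for s in pixels}),
        "deceptive_links": deceptive,
    }


if __name__ == "__main__":
    for k, v in scan_html_body(SAMPLE_HTML).items():
        print(k, v)
```

The practical defence matching this check is to have the mail client block remote images by default; an image that is never fetched sends nothing back.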
The Anti-virus Times recommends
Email can be used safely provided reasonable security measures are in place. Even so, all users, both at work and at home, should carefully check incoming messages, especially those received from unknown senders. Spam filters, mail gateways and other server-side protection cannot guarantee absolute safety when working with email. Therefore, Doctor Web's virus experts recommend that all users follow some simple rules:
- pay attention to the sender information. The "From" field is filled in by the sender and can contain any address. To see where a message really came from, view the full message headers: the Return-Path and Received lines, any Reply-To address, and the Authentication-Results of the SPF, DKIM and DMARC checks;
- email messages received from an unknown sender require more careful analysis. Do not open attachments even if they look like ordinary documents or text files, and avoid following links in such emails;
- remember that malware is not limited to executable files (for example, .exe, .com, .scr, etc.): office documents (which can carry malicious macros or exploit code), archives and even PDF files can be malicious too;
- do not respond to emails containing threats, blackmail or other dubious content. Keep in mind that, to cause panic, fraudsters may quote a password from an old data leak as "proof" that a system is compromised;
- be especially wary of password-protected archives whose password is given in the same email. Attackers use this technique so that the anti-virus solution on the mail server cannot open and scan the malicious payload inside;
- for corporate users: pay attention to the text of the emails you receive. If it is written in unnatural English and/or shows signs of machine translation, you have reason to take extra precautions. The Doctor Web anti-virus laboratory has repeatedly detected such emails sent by hackers during targeted attacks;
- use reliable anti-virus protection for home computers, mail servers and office hosts. Implementing these simple measures will allow you to minimise almost all the risks associated with using email.
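The sender and archive checks from the list above, as an added example (not code from the article or from Doctor Web's products). The .eml, the addresses and the archive are constructed; because Python's zipfile module cannot write password-protected archives, the sample sets the "encrypted" flag bit by hand, which is exactly the bit the check inspects.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr


def _sample_zip(encrypted: bool = True) -> bytes:
    """Constructed sample archive. Bit 0 of the general-purpose flag marks an
    entry as encrypted; it is set here in the local file header (offset 6)
    and the central directory entry (offset 8), which is all the check needs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.exe", b"MZ not really a program")
    raw = bytearray(buf.getvalue())
    if encrypted:
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            raw[raw.find(sig) + off] |= 0x01
    return bytes(raw)


def build_sample_message() -> bytes:
    """Constructed .eml (not a real capture): From: imitates an internal
    accountant, but the envelope sender, Reply-To and the attachment differ."""
    m = EmailMessage()
    m["Return-Path"] = "<bounce@mail-relay.example.net>"
    m["From"] = "Accounting <accounting@corp.example>"
    m["Reply-To"] = "accounting@corp-example.co"
    m["To"] = "victim@corp.example"
    m["Subject"] = "Overdue invoice"
    m["Authentication-Results"] = ("mx.corp.example; spf=fail smtp.mailfrom=mail-relay.example.net; "
                                   "dmarc=fail header.from=corp.example")
    m.set_content("Please see the attached invoice. Archive password: 1234")
    m.add_attachment(_sample_zip(), maintype="application", subtype="zip", filename="invoice.zip")
    return m.as_bytes()


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def sender_addresses(msg) -> dict:
    """From: is free text chosen by the sender. Return-Path: is written by the
    receiving server from the SMTP envelope, and Reply-To: is where a reply
    really goes, so those are the headers worth comparing against From:."""
    return {k: parseaddr(msg.get(h, ""))[1].lower()
            for k, h in (("from", "From"), ("reply_to", "Reply-To"), ("return_path", "Return-Path"))}


def zip_is_encrypted(data: bytes) -> bool:
    """True if any entry carries the encrypted flag: a gateway cannot scan it."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(zi.flag_bits & 0x1 for zi in zf.infolist())
    except zipfile.BadZipFile:
        return False


def triage(raw: bytes) -> dict:
    """Apply the sender and archive checks to one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    addrs = sender_addresses(msg)
    findings = []
    if addrs["return_path"] and _domain(addrs["return_path"]) != _domain(addrs["from"]):
        findings.append("envelope-sender-mismatch")
    if addrs["reply_to"] and _domain(addrs["reply_to"]) != _domain(addrs["from"]):
        findings.append("reply-to-mismatch")
    auth = msg.get("Authentication-Results", "")
    if any(tag in auth for tag in ("spf=fail", "dkim=fail", "dmarc=fail")):
        findings.append("authentication-failed")
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content().lower() if body else ""
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if zip_is_encrypted(part.get_payload(decode=True) or b""):
            findings.append(f"encrypted-archive:{name}")
            if "password" in body_text:
                findings.append("password-in-same-email")
    return {"sender": addrs, "findings": findings}


if __name__ == "__main__":
    for k, v in triage(build_sample_message()).items():
        print(k, v)
```

Authentication-Results is only trustworthy when it was written by your own mail server; a sender can add a fake one, so a gateway should strip any copy that arrives from outside before adding its own.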