There has been a spurt in cyber attacks in the last few months. But hackers are not using any new arsenal to sneak into a victim’s computer network. They rely on a time-tested weapon: a hacker sends an email with a malicious file and entices the victim to click on it, gaining entry into his or her network.
“It is like burglars gaining access to victims’ homes by walking through the front door,” Sundar Balasubramanian, Managing Director of Check Point Software Technologies (India and SAARC), has said.
“Over 70 per cent of the malicious files in India were delivered via email in the last 30 days,” he said, quoting Check Point’s Intelligence Report on India.
The top malware in India is Emotet, an advanced, self-propagating, and modular Trojan, which distributes other malware or malicious campaigns. “It can be spread via phishing spam emails, containing malicious attachments or links. With the growing sophistication of these new malware within emails, such phishing attacks will just escalate,” he cautioned.
He pointed out that Microsoft Office documents have been people’s digital front doors.
“Almost all of us will have used Office docs at some point. Every day, thousands of emails are exchanged with these types of documents attached. We don’t even question their source, keeping the digital doors ajar,” he felt.
The malicious use of Microsoft Office documents occurs so frequently that such files even have their own name – maldocs. Cybercriminals create maldocs using a feature called Office macros.
Implications
What do these email infection chains mean for your business? Office macros are special purpose programmes that have been used by cybercriminals to deliver malware via email attachments for years. “Security companies have been fighting the practice for years, but it was always clear that the key to preventing macro abuse lies in the hands of Microsoft itself,” he felt.
By January 2022, as much as 61 per cent of all malicious payloads attached to emails sent to Check Point’s clients were xlsx, xlsm, docx, doc, ppt, and other document types.
“Our Check Point ThreatCloud latest figures show that Excel files alone make up 49 per cent of all malicious files received by email. Typically, a carefully, socially engineered email carrying an Excel file with a malicious macro is the weapon of choice for unsophisticated actors, as well as top notch APT (advanced persistent threat) groups,” he pointed out.
Social engineering
Balasubramanian wanted the organisations to sensitise their employees on various social engineering techniques that cybercriminals employ to lure them into a scam.
“Cybercriminals will often send a simple email that does not contain any malware but impersonates someone you know just to get into conversation with you. Then, after gaining your trust, the malicious file will be sent,” he observed.
“It may no longer be an Office document or .exe file but a .iso or PDF or infection chains that combine different file types. This user education is one of the most important parts of an effective cybersecurity strategy,” he felt.