The delivery of embedded malware deep inside email attachments has emerged as a new and constant threat.
Clearswift has recently been approached by a number of top cybersecurity teams and organizations to help them address a growing threat: ongoing attempts to deliver malware that is hidden in email attachments and automatically activated by malicious scripting code. Because the delivery methods are sophisticated and continuously morphing, these new malware variants go undetected and pass right by major AV scanning solutions.
Since late last year, cybersecurity experts in the banking and financial services industry have been battling early, evolving versions of email-embedded malware known as Cridex and Dridex that attempted to steal banking credentials and personal information. And just when the banking organizations began their fight to keep your financial information safe, numerous reports started to appear about the increase of malware targeting the healthcare industry and your critical health information. Regardless of the industry, these reinvented threats have cybersecurity teams scratching their heads. A big part of the challenge for cybersecurity teams has been the reliance on traditional AV scanning technologies and filters that, while eventually updated to help block some of the basic embedded threats, simply haven’t gone deep enough to inspect emails for malware embedded in multiple layers of attached documents and for the advanced scripting techniques that act as a trigger.
How it works
Here is an example of what to expect from these new forms of email embedded malware:
- Emails with vague body messages are sent, highlighting the attachment as an important document such as an invoice. The attachment, often a PDF file, might be titled: SalesInvoice519658.pdf
These attachment types (Office documents and PDFs) are required for normal business activities, and end users often trust them without so much as a second thought to the havoc they may cause if the sender has malicious intent.
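A defender-side triage check for the attachment pattern described above, as an added example that is not Clearswift's product code: it walks a message's MIME parts, identifies PDFs by their magic bytes rather than the sender-supplied name, and reports PDF names that indicate auto-run scripts or nested files. The name list comes from the PDF specification, and the sample message is constructed for the example.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

# PDF name objects that mark auto-run actions, scripts, or nested files.
ACTIVE_NAMES = (b"/OpenAction", b"/JavaScript", b"/JS", b"/Launch", b"/EmbeddedFile")

def normalize_names(data: bytes) -> bytes:
    """Decode #xx hex escapes so an obfuscated /J#61vaScript matches /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def pdf_active_content(data: bytes) -> list[str]:
    """Return the active-content names found in raw PDF bytes (a triage signal only;
    names hidden inside compressed object streams are not seen by this check)."""
    data = normalize_names(data)
    # The lookahead requires a delimiter after the name, so /JS does not match /JSON.
    return [n.decode() for n in ACTIVE_NAMES
            if re.search(re.escape(n) + rb"(?![A-Za-z0-9])", data)]

def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each PDF attachment's filename to the active-content names it contains."""
    report = {}
    for part in message_from_bytes(raw).walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        # Trust the magic bytes, not the declared type or extension.
        if payload and payload.lstrip().startswith(b"%PDF-"):
            report[part.get_filename() or "(unnamed)"] = pdf_active_content(payload)
    return report

def build_sample() -> bytes:
    """Constructed sample: one PDF with an open action, script and nested file; one plain PDF."""
    risky = (b"%PDF-1.7\n1 0 obj<</Type/Catalog/OpenAction 2 0 R>>endobj\n"
             b"2 0 obj<</S/J#61vaScript/JS 5 0 R>>endobj\n"
             b"4 0 obj<</Type/EmbeddedFile/Length 0>>stream\nendstream endobj\n%%EOF")
    plain = b"%PDF-1.7\n1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj\n%%EOF"
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(risky, maintype="application", subtype="pdf",
                       filename="SalesInvoice519658.pdf")
    msg.add_attachment(plain, maintype="application", subtype="pdf", filename="plain.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, hits in scan_message(build_sample()).items():
        print(name, "->", hits or "no active content found")
```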
The solution – email sanitization for comprehensive malware protection
Finally, a Structural Sanitization layer of security is cost-effective and can be quickly added to your existing email security solution (protecting your on-premises or cloud-hosted email, e.g. Microsoft Office 365, Google Gmail, etc.) without having to ‘rip and replace’, and it provides the most comprehensive defense against ever-evolving email-embedded malware.
By Jane Deshaies, Clearswift Sr. Security Solutions Engineer & Scott Kosciuk, Clearswift North America