Cybersecurity executives feel vulnerable to different sources of cyber risk. The threat comes in many forms – data leaks, password sharing, access authorizations, and perhaps most significantly, the continual exchange of emailed data through the value chain.
A recent Glasswall research study involving senior-level cybersecurity leaders showed concerns about email risks topping their list of potential vulnerabilities – that includes both email with attached documents and email that may include dangerous links. The reasons our respondents provided as to why they’re so concerned about email threats fell into some common themes: the current prevalence of phishing attacks; human error; the inability of protective technologies to screen out all threats; the increased cleverness of attacks; and these leaders’ understanding that the vast majority of malware is spread through email, particularly related to Phishing or Business Email Compromise (BEC) attacks. One executive summed it up in saying, “It’s easy to make emails that can fool people, and generally the use of email as a file transfer mechanism is a bad idea.”
Email is inherent in third-party document exchange practices, where malicious payloads frequently get deployed through message attachments. Our research showed that third-party risk from partner and supply chain interactions was a high concern for over 70% of security leaders. This was even more concerning for them than users going out to dangerous websites or using removable devices to access the corporate network.
Couple these findings with our ongoing Threat Intelligence findings, and we see the pervasiveness of the problem. Our data clearly shows that during 2018, even though organizations themselves use contemporary Open Office XML formats as the standard across their Productivity Suite, attackers are ten times more likely to send their malicious documents as legacy Office Binary formats. Such high risk file formats that may have been in use over years of data sharing are fertile ground for attackers to slip into an organization’s network along with other correspondence. Microsoft Office applications are only too keen to open and launch these documents for their impatient users. This finding is confirmed by other industry research showing attackers’ preference for outdated files as malicious delivery vehicles. For instance, Symantec’s 2019 Internet Security Threat Report lists the top malicious email attachment types for 2018 as .doc/.dot.
Our Threat Intelligence Data has also revealed that Windows vulnerability malware is on the rise, with a major spike occurring as recently as March of this year. Attackers have discovered they can use old malware to launch new attacks by hiding payloads in Microsoft Office formats. Macros in Word files are the leading point of vulnerability, followed by the Dynamic Data Exchange capability also found in these older files.
Further, Office documents have a primary role in a form of attack that saw a big increase in 2018: Fileless Malware. This is a particularly challenging threat because there is no file containing malicious payload to detect; only scripts that delete themselves once the attacker’s purpose is met. Finally, we’ve seen the acceleration of a new type of threat – Evasive Spear Phishing – where a unique malicious file is sent from oneactor to onerecipient. That takes thorough research, a lot of diligence and very clever outreach and social engineering techniques on the part of the attacker.
Given the continuous exchange of emailed data among value chain members, it’s no wonder that third-party risks and email vulnerabilities have reached such a high level of concern for security leaders.
Just disallowing old file formats from entering your network will go a long way towards reducing these risks. Better yet to turn to Content, Disarm and Reconstruction (CDR) technology like Glasswall’s FileTrust suite that can immediately regenerate safe files and prevent file-borne malware from penetrating your firewall in the first place. Contact us to explore how FileTrust can help you open, store and share your files with confidence.
Download the report “Keeping the Enterprise Secure” to view all the findings of our recent survey!Get Report