Email cyber threats: Which attachments should you not open?
Email attachments are still a common threat vector. According to the Verizon 2018 Data Breach Investigations Report (DBIR), 92.4% of malware is delivered via email, and a significant part of it arrives hidden in attached files.
We were intrigued by which file types are most commonly used to carry malware and went to check it in our real-life data. Covering hundreds of thousands of mailboxes, BitDam's advanced threat protection scans millions of file attachments every day. We started this small research effort recently, and this is what we have found so far:
As we expected, most attachments containing malware were day-to-day files such as PDFs and Microsoft Office documents, weaponized through embedded scripts (PDF supports JavaScript and actions that run on open) and macros (VBA in Office files). These files look innocent, may slip past your Secure Email Gateway or sandbox, and can cause serious harm once opened.
PDF (38% of all malicious files detected) and Microsoft Word document variants (30%) were the most common file types, followed by Microsoft Excel files (19%). Together these three formats account for 87% of the malicious attachments we detected. Unfortunately, they are the same file types most of us use, open and share with colleagues, customers and vendors every day.
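To make the "scripts and macros" point concrete, here is an added triage script (not BitDam's code, and not the detection method described later on this page) that checks an attachment for the active-content indicators that turn an ordinary PDF or Office file into a carrier: JavaScript and auto-run actions in PDFs, and VBA project parts or a macro-enabled content type in OOXML packages. The sample PDF and DOCX files are constructed in memory for the demonstration; the function and key names are this example's own.

```python
"""Attachment triage for active content in PDF and Office files.

Added example, not BitDam's code.  Sample attachments are constructed
in memory below so the script runs offline.
"""
import io
import re
import zipfile

# PDF name tokens that trigger behaviour on open or carry script / payloads.
# Their presence is a risk indicator for review, not proof of malice.
PDF_ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
                   b"/Launch", b"/EmbeddedFile")

# OOXML parts that hold a VBA project in Word, Excel and PowerPoint files.
OOXML_MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin",
                     "ppt/vbaProject.bin")

# Signature of legacy OLE2 containers (.doc/.xls/.ppt).
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def pdf_indicators(data: bytes) -> list:
    """Return the active-content tokens visible in plain text in a PDF.

    Objects may live inside compressed object streams, so an empty result
    only means nothing was visible without decompression."""
    found = []
    for key in PDF_ACTIVE_KEYS:
        # Match the whole name token so /JS does not match /JSomething.
        if re.search(re.escape(key) + rb"(?![A-Za-z0-9])", data):
            found.append(key.decode())
    return found


def office_indicators(data: bytes) -> list:
    """Return macro indicators for an Office attachment (OOXML zip or OLE2)."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats keep macros in OLE streams; parsing them
        # needs an OLE parser (e.g. oletools' olevba), so flag for review.
        return ["ole2-container"]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = set(z.namelist())
            content_types = (z.read("[Content_Types].xml")
                             if "[Content_Types].xml" in names else b"")
    except zipfile.BadZipFile:
        return []
    found = [part for part in OOXML_MACRO_PARTS if part in names]
    if b"macroEnabled" in content_types:
        found.append("macroEnabled content type")
    return found


def triage(filename: str, data: bytes) -> dict:
    """Classify one attachment by its magic bytes, never by its extension."""
    if data.startswith(b"%PDF"):
        kind, indicators = "pdf", pdf_indicators(data)
    elif data.startswith(b"PK\x03\x04") or data.startswith(OLE2_MAGIC):
        kind, indicators = "office/zip", office_indicators(data)
    else:
        kind, indicators = "other", []
    risk = "review" if indicators else "low"
    return {"file": filename, "kind": kind,
            "indicators": indicators, "risk": risk}


def sample_pdf(with_open_action_js: bool) -> bytes:
    """Constructed minimal PDF; with the flag set, the catalog carries an
    /OpenAction that runs JavaScript as soon as the file is opened."""
    catalog = b"<< /Type /Catalog /Pages 2 0 R"
    if with_open_action_js:
        catalog += b" /OpenAction << /S /JavaScript /JS (app.alert('x')) >>"
    catalog += b" >>"
    return (b"%PDF-1.4\n1 0 obj\n" + catalog + b"\nendobj\n"
            b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
            b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")


def sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package; with the flag set it carries a
    dummy vbaProject.bin part and the macro-enabled content type."""
    main_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml"
               if with_macro else
               "application/vnd.openxmlformats-officedocument."
               "wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   '<Types><Override PartName="/word/document.xml" '
                   f'ContentType="{main_ct}"/></Types>')
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\0" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("invoice.pdf", sample_pdf(True)),
                       ("report.pdf", sample_pdf(False)),
                       ("order.docm", sample_docx(True)),
                       ("memo.docx", sample_docx(False))]:
        print(triage(name, blob))
```

The check deliberately keys on file content rather than extension, since a renamed attachment is the oldest trick in the inbox; it is a first-pass filter for what to inspect more closely, not a verdict, because a PDF can hide its objects in compressed object streams and a legacy .doc needs a real OLE parser to expose its VBA.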
What can you do about it?
Even the strictest information security team cannot expect employees to stop opening these files, or to be suspicious every time a PDF or Microsoft Office document lands in their inbox. That is where technology comes into the picture. Email protection solutions like BitDam's stop advanced content-borne threats before they are delivered, so malicious emails never reach employees' mailboxes. While other advanced threat protection solutions for email rely on knowledge of previous attacks, BitDam takes a proactive, attack-agnostic approach: it learns the normal code-level execution of applications such as Microsoft Word and Acrobat Reader and, based on this whitelist, determines whether a given file is malicious. Emails that contain malicious attachments are blocked before delivery.