What Is Mailware and How to Be Aware of It

By Mailspike • February 26, 2021

For businesses, Mailware (a portmanteau of "mail malware": malware delivered by email) can expose vulnerable systems and data and cause major financial and reputational losses. Many organizations assume that scanning tools and antivirus software are sufficient, but more capable tooling protects the business better and adds visibility that antivirus alone does not provide.

Most common email threats rely on impersonating trusted entities, deception, and the misuse of private information to persuade recipients to open attachments or click on links. An opened attachment installs malware; a clicked link often leads to a fake login page where the victim's credentials are harvested.

In the "Q3 2020 Threat Landscape Report," Nuspire recorded more than 3.6 million malware events over the third quarter, an increase of 128% from the second quarter. That works out to more than 43,000 malware detections a day, yet only about 1,200 unique variants were seen across the whole quarter: the same families are repacked and resent over and over.

The top three malware types all targeted Microsoft Office, either with exploits or with trojans that use malicious macros to infect systems. Visual Basic for Applications (VBA) agents are trojans embedded as macros in Word and Excel documents.

Often used in malspam campaigns, this kind of malware lures recipients with fake invoices and legal documents whose macros run once the document is opened and, in current Office versions, the recipient clicks "Enable Content"; the document's visible text is written to talk the user into doing exactly that. The VBA agent itself is only a downloader: it contacts a command and control (C2) server, which pushes the real payload to the victim's system.

Emotet, one of the top five malware families, remained a problem in the quarter. After going quiet at the start of the third quarter, it returned at the end of August. This notorious trojan spreads through mass spam campaigns and through hijacked email threads, in which it replies inside a genuine existing conversation; both methods deliver Word documents that contain macros with malicious code. A message from a known contact in an existing thread is therefore not, on its own, proof that an attachment is safe.


Recognizing a Malware Email

Malware also arrives directly in email. No single feature proves a message is malicious, but the red flags are: an unexpected attachment, a sender you do not recognize, an empty subject line, and a request to review or confirm information by opening the attachment. Several of these together, especially an attachment from a stranger with little or no context, should be treated as hostile until verified out of band.

Opening the attachment, and in particular enabling its macros, can download and install malware on your computer. If you have already opened it and the contents look different from what you expected, for example a nearly blank page with a banner urging you to enable editing or content, treat that as a sign of malware and report it rather than clicking any further.
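The following Python script is an added example, not code from the original post or from Mailspike. It applies the red flags above to a raw message and checks attachments by content for the macro-bearing Office documents described in the VBA agent section (an OOXML zip containing a vbaProject.bin part, or a legacy binary Office container). The sample messages, addresses and the minimal "macro document" it builds are constructed for illustration; the known-sender list and lure-word pattern are assumptions a real deployment would tune.

```python
"""Triage an inbound message for the mailware red flags listed above."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from typing import List, Optional, Set

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt container header
LURE = re.compile(r"\b(review|confirm|verify|invoice|legal|attached)\b", re.I)


def attachment_kind(data: bytes) -> Optional[str]:
    """Classify an attachment by its bytes, never by the filename extension.

    "ooxml-macro": a .docm/.xlsm-style zip that contains a vbaProject.bin part,
    which is what makes an Office Open XML file macro-enabled.
    "ole-legacy": a binary Office container; it may hold VBA, and a full OLE
    parser would be needed to rule that out, so it is flagged for review.
    """
    if data.startswith(OLE_MAGIC):
        return "ole-legacy"
    if data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            return None
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-macro"
    return None


def triage(raw: bytes, known_senders: Set[str]) -> List[str]:
    """Return the red flags raised by one raw RFC 5322 message, in a fixed order."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags: List[str] = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender not in known_senders:
        flags.append("unknown-sender")
    if not str(msg.get("Subject") or "").strip():
        flags.append("empty-subject")
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    attachments = list(msg.iter_attachments())
    if attachments:
        flags.append("has-attachment")
        if LURE.search(body):
            # "Please review and confirm the attached ..." is the classic lure.
            flags.append("lure-wording")
    for part in attachments:
        data = part.get_content()
        if isinstance(data, str):
            data = data.encode()
        kind = attachment_kind(data)
        if kind:
            flags.append(f"{kind}:{part.get_filename()}")
    return flags


def _macro_docm() -> bytes:
    """Constructed minimal OOXML zip with a VBA project part; not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 8)
    return buf.getvalue()


def build_message(sender: str, subject: str, body: str, filename: str, payload: bytes) -> bytes:
    """Assemble a constructed sample message; all addresses are invented."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "accounts@example.com"
    if subject:
        msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return bytes(msg)


KNOWN_SENDERS = {"vendor@supplier.example"}  # assumed allowlist of expected correspondents
LURE_MSG = build_message("billing@unknown-sender.example", "",
                         "Please review and confirm the attached invoice.",
                         "Invoice_4471.docm", _macro_docm())
BENIGN_MSG = build_message("vendor@supplier.example", "Q3 price list",
                           "Prices for next quarter, as discussed.",
                           "prices.csv", b"sku,price\n1001,2.50\n")

if __name__ == "__main__":
    print(triage(LURE_MSG, KNOWN_SENDERS))    # all five flags
    print(triage(BENIGN_MSG, KNOWN_SENDERS))  # only "has-attachment"
```

The benign message still raises "has-attachment", which is the point of the first paragraph above: an attachment alone is not a verdict, the combination is. Note also that the known-sender check is only as good as the sender's mailbox; a hijacked thread, as Emotet uses, passes it, which is why the content check on the attachment is the flag to weight most heavily.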


Recommendations

Here’s how you can defend your organization against the latest threats:

  • Endpoint Protection Platforms (EPP). Next-generation antivirus (NGAV) finds malicious software not only through signatures but through behavior and heuristics, which matters for macro downloaders that are repacked faster than signatures can follow.
  • Use threat intelligence. Indicator feeds let organizations recognize devices that reach out to known malicious hosts for C2 communication.
  • Network segmentation. Separate higher-risk devices, such as IoT devices, from your organization's internal network so that one infected host cannot reach everything.
  • Hunt for threats. New malicious C2 servers appear every day, so indicator matching alone lags behind. Audit your own network data (proxy, DNS and flow logs) for abnormal traffic, such as regular beaconing to unfamiliar hosts, and react in time.
  • Patch your systems immediately. Apply patches to critical systems as soon as possible, so that the Office exploits seen in the report no longer work against you.
  • Use endpoint detection and response (EDR). An EDR agent adds detection and endpoint log visibility, for example an Office process making an outbound connection, which is how a VBA agent's C2 contact shows up on the host.
  • Block macros in documents from the Internet. Office can be configured through Group Policy to block macros in files that arrived from the Internet (those carrying the Mark of the Web), which neutralizes the VBA agents described above even if a user clicks "Enable Content". Macro-enabled attachments can also be quarantined at the email gateway.
  • Use a firewall with IPS. Firewalls with an Intrusion Prevention System block known exploits using signatures. Those signatures must be kept current; a managed detection and response (MDR) service can take on that maintenance and the monitoring around it.
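Two of the recommendations above, using threat intelligence and hunting for C2 traffic in your own network data, can be tried on egress-proxy logs. The Python below is an added example, not code from the post or from Mailspike: it matches destinations against an indicator list, and separately flags metronomic "beaconing" to any destination, which catches C2 servers that are not yet on any list. The log lines and indicators are constructed (documentation addresses and reserved names), and the jitter threshold, minimum event count and allowlist are tunable assumptions.

```python
"""Hunt for C2 traffic in egress-proxy logs: indicator matching plus beacon detection."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, Iterator, List, Optional, Set, Tuple

# Constructed indicator list; these are documentation/reserved names, not real C2 hosts.
C2_INDICATORS: Set[str] = {"203.0.113.7", "bad-updates.invalid"}

# Constructed sample lines: "<ISO timestamp> <client> <destination> <port> <bytes>".
# Client 10.0.0.12 browses irregularly, but also checks in with one host every ~5 minutes.
SAMPLE_LOG = """\
2021-02-26T09:00:00 10.0.0.12 cdn.update-service.example 443 1320
2021-02-26T09:00:07 10.0.0.12 www.example.com 443 58211
2021-02-26T09:05:01 10.0.0.12 cdn.update-service.example 443 1318
2021-02-26T09:07:44 10.0.0.12 www.example.com 443 9020
2021-02-26T09:09:59 10.0.0.12 cdn.update-service.example 443 1321
2021-02-26T09:15:00 10.0.0.12 cdn.update-service.example 443 1319
2021-02-26T09:16:12 10.0.0.12 www.example.com 443 40311
2021-02-26T09:20:02 10.0.0.12 cdn.update-service.example 443 1320
2021-02-26T09:25:00 10.0.0.12 cdn.update-service.example 443 1322
2021-02-26T09:31:40 10.0.0.12 www.example.com 443 3002
2021-02-26T09:42:13 10.0.0.31 203.0.113.7 8080 612
"""

Event = Tuple[datetime, str, str, int, int]


def parse(log: str) -> Iterator[Event]:
    """Yield (timestamp, client, destination, port, bytes) per non-empty line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, dest, port, nbytes = line.split()
        yield datetime.fromisoformat(ts), client, dest, int(port), int(nbytes)


def known_c2_hits(log: str) -> List[Tuple[str, str]]:
    """The threat-intel check: devices that contacted a destination on the indicator list."""
    return [(client, dest) for _, client, dest, _, _ in parse(log) if dest in C2_INDICATORS]


def beacon_candidates(log: str, min_events: int = 5, max_jitter: float = 0.05,
                      allowlist: Optional[Set[str]] = None) -> List[Tuple[str, str, int]]:
    """The hunting check: (client, destination, period_s) with near-constant timing.

    An implant that checks in every N seconds produces inter-arrival times with a
    tiny spread; interactive browsing does not. Jitter is the ratio of standard
    deviation to mean interval, so the test is independent of the period itself.
    Legitimate updaters also poll on a schedule, hence the allowlist for triage.
    """
    allowlist = allowlist or set()
    by_pair: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for ts, client, dest, _, _ in parse(log):
        by_pair[(client, dest)].append(ts)
    found = []
    for (client, dest), stamps in sorted(by_pair.items()):
        if dest in allowlist or len(stamps) < min_events:
            continue
        stamps.sort()
        deltas = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = mean(deltas)
        if period > 0 and pstdev(deltas) / period <= max_jitter:
            found.append((client, dest, round(period)))
    return found


if __name__ == "__main__":
    print("indicator hits:", known_c2_hits(SAMPLE_LOG))
    print("beacon-like:", beacon_candidates(SAMPLE_LOG))
```

Run against the sample, the indicator check finds the one host that talked to 203.0.113.7, while the beacon check surfaces the 300-second check-in to cdn.update-service.example that no list would have caught; the four irregular visits to www.example.com fall below the event threshold and are ignored. Anything the beacon check reports still needs a human look, because a software updater or a monitoring agent produces the same pattern.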


A robust email security system inspects every message on its way from one mail server to the next, so that threats like the ones above are stopped before they ever reach a user's inbox.



Author: Mailspike

The Anubis Labs team is tasked with the ongoing effort to discover new threats, track and collect intelligence about malware and botnets, and work out the best approach to give our customers good insight into their threat landscape.