Highlights:

  • Email phishing is one of the primary methods used by hackers to trick employees into installing dangerous malware.
  • SEGs can filter out dangerous emails by scanning mail servers and SMTP gateways for spam and malicious content.

Attacks that use remote code execution, also known as RCE, are among the most severe risks businesses face today. A single click on a link to an Office attachment in a phishing email may result in a security compromise at an organization, putting sensitive customer information in danger.

However, when Microsoft announced in October last year that it would disable Office macros by default, the security community was overjoyed at the prospect of reducing the effectiveness of RCE attempts using Office files.

According to a new study published by MDR security supplier Expel, deactivating macros has significantly altered the possibility of threats.

Expel’s Quarterly Threat Report discovered that a macro-enabled Microsoft Word document (VBA macro) or Excel 4.0 macro constituted the first attack vector in 55% of pre-ransomware events in Q1 of this year, but that number dropped to 9% in Q2 after Microsoft decided to block macros by default.

Instead of leveraging Office macros to gain access to environments, threat actors are increasingly using disk image (ISO), shortcut (LNK), and HTML application (HTA) files to deploy malicious content and gain entry to networks. This implies that in the future, businesses will need to ensure that users are vigilant about such files in their inboxes.

Jonathan Hencinski, VP of security operations at Expel, said, “Microsoft’s announcement that it would block macros by default in Microsoft Office applications appears to have changed the game for attackers.”

Although Hencinski noted that the threat actors use old techniques like ISO, LNK, and HTA files to compromise a system, he also emphasized that they are still effective. He recommended that businesses configure JavaScript (.js.jse), Windows Script Files (.wsf,.wsh), and HTML for application (.hta) files to open with Notepad in order to remove common entry points for cybercriminals.

Hencinski also recommended unregistering ISO file extensions in Windows Explorer. This will prevent Windows from recognizing ISO files and stop people from inadvertently running malicious software if they double-click on a dangerous file.

Since phishing attempts are one of the most common ways that employees are tricked into downloading malicious files, it is also a good idea to deploy a secure email gateway (SEG) to monitor incoming and outgoing emails for signs of attack. This will allow detecting any potential threats that may be lurking in the inbox.

SEGs as a solution to phishing

Email phishing is one of the primary methods used by hackers to trick employees into installing dangerous malware. Data indicates that phishing assaults increased by 29% last year, with 873.9 million attacks.

SEGs have the potential to filter out these malicious emails by providing organizations with a solution that can be deployed at the mail server or SMTP gateway to scan and filter out spam emails and malicious content. This ensures that employees aren’t exposed to anything that could put the network at risk of a data breach. SEGs also provide organizations with a solution to scan and filter out spam emails and malicious content.

It is crucial to remember that SEGs and email security solutions cannot totally prevent phishing efforts, so employees will always be the greatest defense against them. Nonetheless, they are a helpful tool for decreasing the number of email-based risks.

Proofpoint, one of the leading SEG suppliers in the market, provides an email security solution to authenticate users, blocking malware and fraudulent emails using a machine learning technology called NexuSAI.

Another crucial vendor in the email security industry is Check Point Software Technologies, which acquired email security startup Avanan last year for USD 300 million. It uses True AI to recognize phishing attempts and remove emails before they reach the inbox instead of eliminating them retroactively.

These solutions allow businesses to minimize their susceptibility to human error, if not eliminate it completely. Therefore, they should be integrated with security-awareness training to limit the likelihood of an employee clicking on a harmful file by accident.