FireEye research unveils malware-less e-mail attacks going mainstream

There are hundreds of examples of malware on the Internet. Some of it is able to go undetected by security software, but most of it is identified and prevented from entering the system. Cybercriminals, however, don’t let that faze them – they change their methods and employ other schemes to get what they want. One of these involves e-mails that don’t contain any malware, aiming for CEO fraud instead, among other things. The trend was identified by intelligence-led security company FireEye, whose report is based on a sample set of over half a billion e-mails from the first half of 2018.

According to the report released on September 12, only 32% of e-mail traffic seen could be considered clean and delivered to an inbox. It also says that one of every 101 e-mails is sent to try and take advantage of the recipient. And it’s perfectly understandable – even though it may sometimes seem that e-mails have taken a backseat to other forms of digital communication (messengers, etc.), they’re actually still widespread and are sent by a lot of people. So it’s not uncommon for con artists to try and abuse that medium for their personal gain. Thus, every firm should be on the lookout for such attempts.

Says Ken Bagnall, vice president of e-mail security at FireEye, “from malware to malware-less attacks including impersonation attacks like CEO fraud, a single malicious email can cause significant brand damage and financial losses. By choosing an email security solution with features based on real-time knowledge gained from the frontlines, and by teaching users to always ensure they are communicating with who they think they are, organizations can better defend against attacks.” The stream of attacks didn’t stop while the analysis was performed, and practically all of them (90%) didn’t try to infect devices with malware. Phishing attacks alone make up 81% of the malware-less e-mails that were blocked, a number which (almost) doubled from January to June 2018. The information collected also suggests that it will continue to rise. Impersonation attacks account for 19% of the total and remain relatively proportional to it.

One other thing stands out – most of the e-mails that contain malware are sent out on Mondays and Wednesdays, with Thursdays being reserved for those without it and Fridays acting as a platform for impersonation attacks. Weekends don’t signal the end of that activity – malware-less attacks continue to be more prevalent than malware-based attacks, with domain name spoofing attacks and newly existing domains being the most likely among them. FireEye also warns that 91% of cybercrime starts with e-mail and that it only takes one message to infiltrate the targeted company. Besides impersonation and CEO fraud, con artists may attempt whaling (a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a firm), spear phishing, credential harvesting and W-2 scams. Only 10% of the attacks include viruses, worms, ransomware, adware, Trojan horses and spyware.

Malware-less attacks impersonate a trusted sender or company to trick the user into giving away corporate information or assets. Imitation login pages, malicious links and forged requests are the methods most often used for them. Malware attacks, by contrast, rely on e-mails with infected attachments to gain access to a targeted computer. The malware can be disguised in a variety of formats, including .pdf and .doc.

Speaking of numbers, there was a 65% growth of phishing attempts in 2017 and more than $12.5 billion in corporate losses, with 46% of ransomware attacks coming from e-mails. Firms lost $5 billion from ransomware alone in 2017 and cybercriminals have no intention of stopping. They adapt to the changing climate, using friendly usernames or typo-squatting the recipient’s domain to achieve the needed result. Mobile devices are in danger too, as most of the e-mail clients on them don’t display the e-mail address – only the sender’s name. This factor makes it easier for con artists to deceive the users into thinking they’re talking to someone they know. That’s why data protection should be taken very seriously, in all cases, whether it’s corporate servers or someone’s personal device.
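The two tricks named above, a friendly display name on an unrelated address and a typo-squatted copy of the recipient's domain, can be checked on the From: header before a message reaches an inbox. The sketch below is an added example, not code from FireEye or its report; the organisation domain, the executive directory and the sample headers are all constructed for illustration.

```python
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumed: the recipient organisation's domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # assumed: display name -> real address

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_from(header):
    """Return the findings for one From: header value."""
    name, addr = parseaddr(header)
    name = " ".join(name.lower().split())  # normalise case and spacing
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # Friendly-name spoofing: an executive's name shown on an address that is
    # not theirs. Clients that display only the name hide this from the user.
    if name in EXECUTIVES and addr != EXECUTIVES[name]:
        findings.append("display-name-mismatch")
    # Typo-squatting: the sender domain is within two edits of the
    # organisation's domain without being equal to it.
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        findings.append("lookalike-domain")
    return findings

# Constructed sample headers, not taken from real traffic.
SAMPLES = [
    '"Jane Doe" <jane.doe@example.com>',
    "Jane Doe <ceo.office@mail-provider.test>",
    '"Jane Doe" <jane.doe@examp1e.com>',
    "Accounts <accounts@exampel.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r}: {check_from(header) or 'ok'}")
```

A threshold of two edits suits a domain of this length; very short domains need a tighter limit to avoid flagging unrelated senders.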

Employers need to make sure that their employees are aware of the dangers that e-mails from unknown addresses bring, and security software should always be kept up to date and running to prevent potential breaches. Even though it may seem like a daunting task at first sight, beating con artists on their own playing field is entirely possible if unnecessary risks are avoided.

