How to better combat malware delivered through email

Phishing emails are one of the most common and successful ways to infect an organization with malware. Employees who've been instructed not to click on file attachments and links in unexpected emails still can't seem to resist the temptation. Once triggered, a single malicious payload can lead to data breaches, ransomware and other devastating threats. A report released Wednesday by security firm GreatHorn looks at the risks of email attachments and suggests ways to defend your organization against such malicious payloads.

Based on a survey of 256 cybersecurity professionals conducted in the U.S. in late March, the report found that 52% of them are most concerned with malicious payloads being delivered via email, while 47% are most worried about such payloads being delivered by a hyperlink within an email.

SEE: Identity theft protection policy (TechRepublic Premium)

For many, ransomware was one severe side effect of a malicious payload. Among the respondents, 54% said their organizations were targeted by ransomware over the past 12 months. Of those that were targeted, 66% actually paid the ransom, with some shelling out as much as $1 million and more.

Some 71% of those surveyed said they're most concerned about email as the gateway toward ransomware, 75% said that ransomware has increased over the past year, and 62% expect ransomware to continue to increase even after the COVID-19 pandemic ends.

In one example cited by GreatHorn, a Trojan named Troj/Phish-HUP released in February 2021 targeted Microsoft Windows systems, primarily in finance departments. The culprits deployed the Trojan through spearphishing emails masquerading as normal messages in which the recipients expect to download a file. The emails were inspected by Microsoft 365 or Google Workspace. Because such products take time to detect and isolate known malware, the attacks were able to sneak through, according to GreatHorn.

To protect your organization and employees against malicious email attachments and links, GreatHorn offers the following three tips:

Also see