Dangerous email messages

In the era of IT giants who have been involved in cybersecurity for decades, it is difficult to create malware that can ignore the security mechanisms of modern information systems. Today, bypassing protection tools is harder than ever; however, one serious vulnerability remains virtually unchanged - humans. Let us talk about how people, who are ignorant of digital security, are helping hackers implement malicious attacks using the email channel.

The digital world has been fighting with malware for over 30 years. During this time, a huge number of antiviruses has been developed. Today, antivirus vendors use AI, cloud, and user signals to add new types of infections to their databases 24 hours a day.

Moreover, in addition to antiviruses, malware encounters many other layers of protection: all kinds of firewalls, security policies, CORS, HTTPS, and timely fixes of found vulnerabilities by operating system and application developers.

Although modern security systems are generally very reliable, we still have a huge, vulnerable component - a person. The well-known hacker who is now an information security consultant Kevin Mitnick wrote that it is much easier to hack a man than bypass computer security systems.

Most big hacker attacks were effective due to inexperience and inattention of people. These days the best results (in terms of cost-benefit ratio) are provided by attacks that are aimed at tricking people into clicking malicious files or links sent via emails.

Why do cybercriminals spread malware via email?

There are no Internet users who do not receive strange emails with subject lines like: "You won a million!" or "You received a money order" or "Please update your account information." Nowadays, such emails usually go to the junk mail folder, but spammers improve their tactics, and some emails may pass through the filters.

In fact, every Internet user is a target for malicious activity. Even if your device does not have valuable information, it is good for other tasks, such as mining cryptocurrencies or participating in botnets.

Hackers' income from infecting home devices is relatively small. Today, the main target of cybercriminals is the corporate sector. More and more companies fall victim to highly profitable attacks that involve cyber extortion.

Not all companies have built strong protection against attacks conducted with the help of email. Employees do not always receive training in identifying spam emails with malicious attachments. Clicking on a malware-laden attachment by an inexperienced accountant can lead to the encryption of the databases of the entire organization, which will result in huge losses.

In order to prevent unexpected financial and reputational losses, every business leader should think about ongoing training for his organisation.

The main mechanisms for spreading malware using email