Of the many different types of malicious attacks that can pose a threat to your network and data, the majority are delivered to you the same way: via email.
According to the Malwarebytes 2019 State of Malware report, business detections of malware rose 79% over last year, largely due to an increase in backdoor exploits, crypto miners, spyware and information stealers. The most popular delivery method for these attacks isn’t a sophisticated exploit kit, but the tried-and-true method of spam (malspam) emails containing infected attachments and links to malicious URLs. Arming yourself with some of the basics can help you identify malicious links and attachments more easily.
Tips for Identifying Malicious Links
A website’s domain cannot be faked, but it can be disguised in a link and/or re-directed to a different website or file.
Links can appear as a web address such as www.itispivotal.com, and can be placed within a picture or displayed as text. If you’re on a PC or Mac, in Outlook email or in a browser, hovering over the link with your mouse will show you the full web address of where the link wants to take you. Ignoring everything up to and including the // of a web address, and everything from the next forward slash onward, gives you the domain name that is being linked. Unfortunately, this very handy function is not possible without a mouse, so be sure to use caution when dealing with email links on mobile devices.
Following a malicious link can quickly compromise an entire network. Before clicking on something that you are unsure of, check to see where the link actually leads using tools such as https://scanurl.net to check the destination URL or https://isc.sans.org/suspicious_domains.html to look up the domain. Shortened links can be expanded using https://unshorten.it/.
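The hover check described above, automated for an HTML email body, as an added example that is not part of the original article: it reads each link's real host and compares it with any domain shown in the link text or in a picture's alt text. The function names and the sample hosts (example.net, example.org) are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A domain written out in the visible text, with or without http(s)://
SHOWN = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def link_host(url):  # host after '//' up to the next '/', minus user@ and :port
    return (urlsplit(url).hostname or "").lower()

def bare(host):  # treat www.example.com and example.com as the same site
    return host[4:] if host.startswith("www.") else host

class Anchors(HTMLParser):
    """Collect (visible text or image alt text, href) for each <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href, self._text = attrs.get("href"), []
        elif tag == "img" and self._href is not None:
            self._text.append(attrs.get("alt") or "")
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Return (visible text, real host, verdict) for every link in the body."""
    parser, findings = Anchors(), []
    parser.feed(html)
    for text, href in parser.links:
        real, shown = link_host(href), SHOWN.search(text)
        if not shown:
            verdict = "text-only"  # no domain shown; only the real host tells you
        else:
            verdict = "match" if bare(shown.group(1).lower()) == bare(real) else "mismatch"
        findings.append((text, real, verdict))
    return findings

# Constructed sample body; example.net and example.org are placeholder hosts.
SAMPLE = """<a href="https://tracking.example.net/label">www.itispivotal.com</a>
<a href="https://www.itispivotal.com/contact">Contact us</a>
<a href="http://files.example.org:8080/get"><img alt="https://itispivotal.com/invoice"></a>"""
```

Calling `audit(SAMPLE)` reports the first and third links as `mismatch`, because the text or picture names one domain while the link leads to another, and the second as `text-only`.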
Tips for Identifying Malicious Attachments
A file’s extension or filename extension is used by the operating system to identify what app opens when you click a file. Although there are thousands of file extensions, below are a few examples of common file types with familiar file extensions:
These types of files contain the representation of a “document”, be it a letter, picture or spreadsheet, and can be “read” by humans. Although these types of files can be embedded with malicious links, they are not able to create a system process on your computer. However, Microsoft Office documents can contain VBA macros, which can be used as a delivery system for trojans, malware and password stealers. The two most common types are Macro Downloaders and Macro Droppers. Macro Downloaders download the malicious payload from the internet and execute it, while Macro Droppers utilize the macros embedded within the document to execute a payload. Fortunately, Microsoft has macro security within Office, requiring permission to allow macros to run, and Group Policies that can be set to block users from altering macro security settings.
Unlike data files, executable files, program files, registry files, shortcuts and script files cannot be “read”. They are compiled to perform various functions and operations on a computer or perform specific actions. Unfortunately, the actions can include downloading a payload of ransomware, sending you to a redirected URL for a drive-by download or a fake webpage hoping to harvest your login credentials.
Employing social engineering, attackers often try to disguise a malicious attachment by using file names they hope will entice you to click, such as monthlypayroll.exe, past-due-invoices.zip, or fedexshippinglabel.bat. Be on the lookout for long file names and double extensions like sales-projections_2019.xlsx.js, designed to disguise the file name.
Always use caution when dealing with email attachments, especially those from unknown senders. Suspicious files (and URLs) can be scanned and analyzed for free at VirusTotal. Emails with malicious attachments can be forwarded to the FTC at email@example.com and the Anti-Phishing Working Group at firstname.lastname@example.org.
Stay safe out there!