Malware in Email

A good portion of malware is still delivered through email.

Malware in Email

Archives, such as .zip files, make up almost a third of malicious attachments, and four of the top ten types of files used by attackers.A good portion of malware is still delivered through email. It used to be more prominent, with .exe files attached directly to emails. But as users got wise to the idea that opening an executable wasn’t a safe decision, malicious actors changed their tactics.Nowadays, malware is much more likely to be served indirectly, either through less suspicious attachments like commonly used business documents or by URLs contained within the message body—all of which are items regularly sent in regular, valid email communication. The idea here is to get past traditional email scans that would catch and quarantine a binary file or other infrequently distributed attachments.

This is most evident when looking at flagged email attachments seen so far this year (January-April 2019). Binary files make up less than two percent of all malicious attachments—that’s not just .exe files, but all binaries. This is quite a change from years past, when executable, Java, and Flash files were regularly encountered. In fact, Java and Flash have fallen so far out of favor that if you add them to binaries, you’re still only looking at 1.99 percent of attachments.

The most common attachment types are simply the types that are sent around the office on a regular day—two in every five malicious files are Microsoft Office documents.

So what sorts of attachments have attackers gravitated towards? Archives, such as .zip files, make up almost a third of attachments, and four of the top ten types of files. Scripts like .js files make up 14.1 percent. These scripts have shown a dramatic increase since the last time we looked at attachment types in the 2018 Annual Cybersecurity Report (ACR), when .js files, combined with XML and HTML, only made up one percent of malicious file extensions.Their frequency as malicious attachments has continued to grow, going up almost five percentage points since the 2018 ACR. Throw PDF documents into the mix, and more than half of all malicious attachments are regularly used document types, ubiquitous within the modern workplace.