SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Malware and email scams targeting employees spread rapidly in Q2
Fri, 18th Sep 2020

Malware is spreading through emails more rapidly than ever before, with a decade-old issue surging by 400%, according to a study from NordVPN.

Malware detection analysis ordered by NordVPN has shown that, when compared to the first quarter of the year, targeted attempts to exploit the memory corruption issue CVE-2017-11882 in Microsoft Office (2007-2016) went up by 400% in the second quarter.

Analytical sensors have detected a growing trend, which doesn't seem to be improving any time soon, according to the analysis.

On this particular issue, NordVPN digital privacy expert Daniel Markuson says, “The malware targeting a decade-old MS Office vulnerability must have been under the radar, as it has been spreading through emails for three years now.

“Having acquired new forms, today it is as efficient as ever. When exploited successfully, this particular memory corruption issue in Microsoft Office enables attackers to execute code on machines remotely.”

According to NordVPN, hackers were very creative at finding a way to exploit this vulnerability. Back in April, the US Secret Service (USSS) alerted citizens to be wary of emails, allegedly from the US Department of Health and Human Services (HHS), informing the recipients that they've contracted COVID-19.

Those emails also contained malicious attachments. Hackers targeted medical equipment manufacturers too, asking them to provide equipment to HHS.

According to the analysis, NordVPN finds that email phishing, combined with social engineering, accounts for 60% of all cyberattacks.

When a company is looking for ways to minimise its vulnerabilities, it should first focus on its own employees, the company states.

Employees can be forgetful when it comes to software updates, and they also click on malicious URLs. In extreme cases, they can fall victim to persuasion or bribery, where hackers ask them to install malware onto internal systems.

However, teleworking is the biggest problem, as a lot of people have been either using their own devices or switching between corporate and personal devices for work-related tasks, NordVPN states.

Markuson says, “When internal corporate systems get breached, 99% of cases are caused by employees. The most popular way to lure employees into the trap is by email.

“Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening.

“Additionally, employers must inject the habit of using VPN both on corporate and personal devices, since they are often interconnected anyway.”

The success of cyber threat management lies with employees and only comes with awareness. Recently, Russian hackers attempted to target the Tesla Gigafactory in Nevada.

However, an unnamed Tesla employee saved the company $400 billion by reporting a suspicious connection attempt to authorities. Such stories with a happy ending are expected to be more frequent, NordVPN states.

Gartner predicts that the financial impact of attacks against cyber-physical systems that result in fatal casualties will reach over $50 billion by 2023.

As a result, CEOs will become personally liable for hackings by 2024, and top management will start investing in cybersecurity infrastructure and training.