Page 46 - Cyber Warnings August 2017
Old Tricks for New Threats: Ransomware and Email Security
WannaCry is unlikely to be the last mockingly named piece of ransomware that takes the
security landscape by storm. Belying its unfortunate and seemingly innocuous handle, the threat
successfully penetrated the cyber defenses of at least 220,000 computers in 150 countries
around the world.
Following closely on the heels of WannaCry, the Necurs spambot has been hailed as one of the
more successful vehicles for cybercrime, with the latest spike showing that attackers are clearly
becoming more sophisticated and evolving their techniques to evade security defenses. The
notorious spambot made its mark on the security landscape by sending large volumes of spam
from nearly five million infected bots.
But while these high-profile attacks rely on rapid proliferation methods and sophisticated
evasive techniques, they’re entering corporate networks by one of the simplest means possible
– via email. WannaCry spread via phishing attacks and the method used to propagate Necurs
was a multi-layered, malicious document triggered by a macro. In short, organizations are
opening the door to these threats when employees click on infected Word documents and other
attachments, exposing the organization to devastating breaches and financial loss. Going forward,
this problem will not get better without a comprehensive shift in mindset: a concerted move away
from apathy and a willingness to move past outdated solutions.
Email: Ransomware’s Secret Weapon
It’s well established that over 90 percent of successful malware attacks are delivered through
email, especially attachments of common file types such as Word documents, Excel
spreadsheets, PowerPoint files and PDFs. Perhaps not surprisingly, these techniques are just
as effective for the proliferation of ransomware attacks such as WannaCry, Necurs and others.
Like their predecessors, ransomware attackers rely on a host of age-old tricks. Attackers begin
by compiling easily found social media details about employees and their interests, which
can be combined with authorship details and other metadata left on website documents or
outbound files. From there, they put the data together to create an email that appears to be from
a trusted contact or colleague, addressing a subject of immediate relevance, and possibly using
a subject line already circulating.
Copyright © Cyber Defense Magazine, All rights reserved worldwide.