Top 3 file types with embedded malware in email attachments

The threat of malware grows by the moment. Between state-sponsored groups, ideologically motivated actors and ad hoc crews out purely for financial gain, the threat landscape is vast, the stakes are high, and the prospects do not look like improving any time soon. It may seem difficult to pinpoint where these complex threats will hit your business most directly, but the answer is often right under your nose, spread across your mailbox.

The link between malware and email attachments has been known for many years; recent trends, however, have brought it to a boiling point.

Today, the overwhelming majority of malware is delivered by email. According to the Verizon Data Breach Investigations Report, "90% of malware arrived in an email and 60% of web application attacks were aimed at cloud-based email servers."

With antivirus test labs such as AV-TEST registering approximately 400,000 new malware samples per day, users must know both where the threat comes from and how to contain its effects. Part of that process is identifying the file types most often used to carry malware and applying controls that reduce the risk from this vector.

Which file types are most at risk?

ZIP and RAR archives

As the data has shown time and again, ZIP and RAR archives are a convenient wrapper for phishing campaigns. An archive hides the true type of its contents from a casual look at the attachment, its members can carry misleading names that pass off an executable as a document, and tricks such as password protection, nested archives and unusual compression methods defeat basic antivirus inspection at the mail gateway. The same properties make archives a favourite container for packaging stolen data on its way out of a compromised environment.

According to Kaspersky “Cybercriminals love to conceal malware in archives. For example, ZIP files teasingly titled Love_You0891 (the number varied) were used by attackers to distribute GandCrab ransomware on the eve of St. Valentine’s Day. Other scammers were sighted a couple of weeks later sending archives with the Qbot Trojan, which specializes in stealing data.”

Archives therefore give attackers a broad range of ways to slip past security controls and trick unsuspecting users into running what they believe is a document.
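The checks a mail gateway or analyst would apply to an archive without extracting it, as an added example that is not code from the original article. It uses only the Python standard library, so ZIP is covered and RAR is not; the sample archive, its member names and the placeholder contents are constructed here for illustration.

```python
"""Triage a ZIP attachment without extracting anything from it.

Added example, not code from the original article. It looks for the archive
tricks the section describes: an executable or script wrapped in an archive,
a double extension that disguises an executable as a document, a nested archive
(to defeat single-level gateway scanning), an encrypted member (which a gateway
cannot scan), and a path-traversal member name. The sample archive is
constructed in memory. RAR is not covered: the standard library has no RAR reader.
"""
import io
import zipfile

# Extensions Windows will execute directly, or hand to a script host, on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".ps1", ".hta", ".lnk", ".msi", ".dll"}
# Archive and disk-image types commonly nested inside a ZIP.
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".iso", ".img", ".gz", ".tar", ".cab"}
# Document-like extensions attackers pair with an executable one ("Invoice.pdf.exe").
# With Windows' default of hiding known extensions the user sees only "Invoice.pdf".
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def _extensions(member_name):
    """Return the lowercase extensions of the member's final path component,
    e.g. 'inv/Invoice.pdf.exe' -> ['.pdf', '.exe']."""
    base = member_name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    return ["." + p for p in parts[1:]]


def triage_zip(data):
    """Return a list of (member_name, reason) findings for the ZIP bytes `data`."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            exts = _extensions(name)
            last = exts[-1] if exts else ""
            # General-purpose flag bit 0 marks an encrypted member.
            if info.flag_bits & 0x1:
                findings.append((name, "encrypted member: contents cannot be scanned"))
            if last in EXECUTABLE_EXTS:
                findings.append((name, "executable or script inside archive"))
            if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and last in EXECUTABLE_EXTS:
                findings.append((name, "double extension disguising an executable"))
            if last in ARCHIVE_EXTS:
                findings.append((name, "nested archive"))
            parts = name.replace("\\", "/").split("/")
            if name.startswith(("/", "\\")) or ".." in parts or ":" in parts[0]:
                findings.append((name, "path traversal in member name"))
    return findings


def build_sample_zip():
    """Constructed sample: one harmless text file plus three members that
    should trip the checks above. Contents are placeholders, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "Please find the invoice attached.\n")
        zf.writestr("Invoice_2023.pdf.exe", b"MZ placeholder, not a real binary")
        zf.writestr("payload/inner.zip", b"PK\x05\x06" + b"\x00" * 18)  # empty nested zip
        zf.writestr("../evil.lnk", b"L\x00\x00\x00 placeholder shortcut")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in triage_zip(build_sample_zip()):
        print("%-25s %s" % (member, reason))
```

Nothing is written to disk and no member is decompressed: the findings come from the central directory alone, which is why the encrypted-member check can only report that the content is unscannable rather than scan it. An archive that trips the double-extension or path-traversal checks should be quarantined regardless of what antivirus says about its contents.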

Microsoft Office Documents

In 2020, the most common malicious attachment type was the Windows executable (.exe), followed by Microsoft Word documents (.doc). Where a diverse range of file types once filled the bucket of potential threats, attackers now read the market, focus their malware on the most accessible vectors and file types, and increasingly rely on Office files as the attachment of choice for distributing malware worldwide.

Part and parcel of the risk in Office files is the macros they can embed. A malicious macro is a small script that typically downloads or decodes the real payload only after the user clicks Enable Content, so legacy security products such as signature-based antivirus have little to match on and lose much of their ability to protect. Interestingly, this trend has revived the phishing tactics of the early 2000s, which relied heavily on macros embedded in Office files.

The risk has grown so high that the US Justice Department has specifically advised businesses to disable macros where possible to mitigate the risk of malware in this file type. Microsoft has since made this the default: since 2022, Office blocks VBA macros in files that carry the Mark of the Web, which includes saved email attachments and internet downloads. The caveat is that attackers responded by shifting to container formats such as ISO and IMG disk images that did not propagate the mark, so disabling macros does not remove the need to inspect what arrives.
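How to tell whether an Office attachment carries a VBA project before anyone opens it, as an added example that is not code from the original article. It relies on two facts about the formats: OOXML files (.docx, .docm, .xlsm and so on) are ZIP containers in which a VBA project is stored as a part named vbaProject.bin, and legacy binary files (.doc, .xls) are OLE2 compound files with a fixed magic header. The sample documents and their placeholder bytes are constructed here; the OLE2 case is only identified, not parsed.

```python
"""Check an Office attachment for embedded VBA macros before anyone opens it.

Added example, not code from the original article. Modern Office files
(.docx, .docm, .xlsm, ...) are ZIP containers, and a VBA project is stored in a
part named vbaProject.bin, so its presence can be detected with the standard
library alone. Legacy binary files (.doc, .xls) are OLE2 compound files; they
are identified by their magic bytes and flagged for inspection with an OLE
parser, which this example does not include. Sample documents are constructed
in memory and contain placeholder bytes, not real macros.
"""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # compound file header
ZIP_MAGIC = b"PK\x03\x04"
# Extensions that openly declare they may carry macros.
MACRO_ENABLED_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}


def inspect_office(filename, data):
    """Return a dict: format ('ooxml', 'ole2' or None), has_vba, and notes."""
    result = {"filename": filename, "format": None, "has_vba": False, "notes": []}
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""

    if data.startswith(OLE2_MAGIC):
        result["format"] = "ole2"
        result["notes"].append("legacy binary Office format; macros live in OLE streams "
                               "and need an OLE parser (e.g. oletools/olevba) to enumerate")
        return result

    if data.startswith(ZIP_MAGIC):
        result["format"] = "ooxml"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
        vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
        if vba_parts:
            result["has_vba"] = True
            result["notes"].append("VBA project present: " + ", ".join(vba_parts))
            if ext and ext not in MACRO_ENABLED_EXTS:
                # A .docm renamed to .doc still opens in Word (it sniffs the format),
                # but the name no longer warns the recipient that macros are inside.
                result["notes"].append("extension %s does not advertise macros; "
                                       "content/extension mismatch" % ext)
        return result

    result["notes"].append("not an Office container (neither OLE2 nor OOXML)")
    return result


def build_sample_ooxml(with_vba):
    """Constructed OOXML shell: just enough parts to look like a Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            # A real vbaProject.bin is itself an OLE2 container; this is a stub.
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 24)
    return buf.getvalue()


def build_sample_ole2():
    """Constructed legacy .doc: a valid OLE2 header followed by padding."""
    return OLE2_MAGIC + b"\x00" * 504


if __name__ == "__main__":
    for name, blob in [("Q3_report.docm", build_sample_ooxml(True)),
                       ("Q3_report.docx", build_sample_ooxml(False)),
                       ("invoice.doc", build_sample_ooxml(True)),
                       ("old_invoice.doc", build_sample_ole2())]:
        print(inspect_office(name, blob))
```

The mismatch note is the check worth keeping: a file called invoice.doc that is really an OOXML container with a VBA project is exactly the shape of a renamed .docm, and the extension alone would never have told you.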

PDF Files

According to recent findings by Trend Micro and others, PDFs are quickly becoming one of the most common carriers of embedded malware. As one of the most widely exchanged file types, all the more so since the COVID-19 pandemic, the PDF is an ideal starting point for phishing campaigns and for data theft.

PDFs pose a particular risk to businesses and users because they are trusted by recipients and often waved through by filters that block executables and archives, while their internal structure (compressed object streams, embedded files, scripting) means a simple signature scan sees little of what the file actually contains.

Simply put “In some kinds of malicious PDF attacks, the PDF reader itself contains a vulnerability or flaw that allows a file to execute malicious code. Remember that PDF readers aren’t just applications like Adobe Reader and Adobe Acrobat. Most browsers contain a built-in PDF reader engine that can also be targeted. In other cases, attackers might leverage AcroForms or XFA Forms, scripting technologies used in PDF creation that were intended to add useful, interactive features to a standard PDF document.”

Because of this flexibility in the PDF format, attackers can readily abuse the file type, embedding malicious content in a document that looks entirely ordinary.
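A scanner for the active-content features the quoted passage names (JavaScript, automatic actions, Launch actions, embedded files and AcroForm/XFA forms), as an added example that is not code from the original article. It goes one step beyond a plain keyword search: FlateDecode streams are inflated so that keywords hidden inside compressed object streams are seen, and PDF name escapes are normalised so that /J#53 is recognised as /JS. The keyword list and the sample PDF are constructed here; the sample is scanner input, not a faithful document.

```python
"""Scan a PDF attachment for the active-content features that turn a document
into an attack: JavaScript, automatic (Open/Additional) actions, Launch
actions, embedded files and AcroForm/XFA forms.

Added example, not code from the original article. Two evasions that defeat a
naive grep are handled: FlateDecode streams are inflated so keywords hidden in
compressed object streams are seen, and PDF name escapes (/J#53 is /JS) are
normalised before matching. The sample PDF is constructed inline.
"""
import re
import zlib

RISKY_KEYS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
              b"/EmbeddedFile", b"/AcroForm", b"/XFA", b"/RichMedia"]
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
HEX_NAME_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def _inflate_streams(data):
    """Yield the body of every stream, inflated when it is Flate-compressed.

    A decompressobj is used instead of zlib.decompress so that a stream whose
    checksum is truncated or deliberately corrupted still yields what could be
    recovered; malicious PDFs rely on readers being that lenient. Bodies that
    are not Flate data are yielded raw.
    """
    for m in STREAM_RE.finditer(data):
        body = m.group(1)
        try:
            out = zlib.decompressobj().decompress(body)
        except zlib.error:
            out = b""
        yield out if out else body


def _normalise_names(view):
    """Resolve #xx escapes inside PDF names so /J#53 compares equal to /JS."""
    return HEX_NAME_RE.sub(lambda m: bytes([int(m.group(1), 16)]), view)


def scan_pdf(data):
    """Return {keyword: count} for risky keywords across the raw file and
    every inflated stream. An empty dict means none were found."""
    # Readers accept junk before the header, so look within the first 1 KiB
    # rather than insisting it sits at offset 0.
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no %PDF header in the first 1024 bytes")
    counts = {}
    for view in [data] + list(_inflate_streams(data)):
        view = _normalise_names(view)
        for key in RISKY_KEYS:
            # Negative lookahead so /JS does not also count longer names starting /JS.
            n = len(re.findall(re.escape(key) + rb"(?![A-Za-z0-9])", view))
            if n:
                counts[key.decode()] = counts.get(key.decode(), 0) + n
    return counts


def build_sample_pdf():
    """Constructed sample: the catalog's /OpenAction points at an object whose
    JavaScript action lives in a Flate-compressed stream and uses a hex-escaped
    name. The script only calls app.alert; it is a placeholder."""
    hidden = b"<< /S /JavaScript /J#53 (app.alert('constructed sample')) >>"
    comp = zlib.compress(hidden)
    return b"".join([
        b"%PDF-1.7\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n",
        b"3 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(comp),
        comp, b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])


if __name__ == "__main__":
    print(scan_pdf(build_sample_pdf()))
```

A plain search of the raw bytes would report only /OpenAction here; the /JavaScript and /JS hits appear only after the stream is inflated and the escaped name is resolved, which is the point. Keyword presence is a triage signal, not a verdict: forms and links are legitimate features, but a PDF that opens with an action that runs JavaScript or launches a program deserves a sandbox before it reaches a user.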

Reflections on File Protection

Ransomware, zero-day exploits and spear phishing: what do these devastating attacks have in common? The prime vector for all of them is an email campaign carrying attachments with embedded malware. Whether PDFs, Office files, ZIP and RAR archives or countless other formats, attackers increasingly rely on embedded malware as their route to devastating consequences.

To reduce the risk of malicious files doing serious damage to data and reputation, businesses and individuals alike must look harder at what arrives in their inboxes and apply controls that can effectively contain and isolate the risk of file-based malware.