With 33% of American TikTok users admitting they regularly consume their news on the social video app, it is no wonder that, now more than ever, social platforms can become a dangerous weapon once they reach the wrong hands. The recent takeovers of social platforms by controversial figures raise questions about the new narrative of absolute truth versus fake news, and about responsibility.

At odix lab, we encounter malware and malicious code wearing the mask of an “innocent file” every day. In the spirit of Halloween and of universal truth, we are happy to share the top 3 file types with embedded malware delivered as email attachments that everyone should be worried about.

The threat of malware keeps growing. From state-sponsored hackers and ideological actors to ad hoc groups out solely for financial gain, the threat landscape is vast, the risks are enormous, and the prospects don’t appear to be improving anytime soon. While it may seem difficult to pinpoint where these complex cyber threats will hit your business most directly, the answer may be right under your nose, spread across your inbox.

The deep connection between malware and email attachments has been known for many years; recent trends, however, have brought it to a boiling point.

Today, the overwhelming majority of malware is delivered by email. According to the Verizon Data Breach Investigations Report, ‘90% of malware arrived in an email and 60% of web application attacks were aimed at cloud-based email servers.’

With “Antivirus institutes, like AV-TEST registering approximately 400 000 new malware software per day”, users must know both where the threat is coming from and how to mitigate its consequences. Part of this process involves identifying the most common file types with embedded malware and applying solutions that reduce the threat from this vector.

Which file types are most at risk?

  • ZIP and RAR archives

As the data has illustrated time and time again, ZIP and RAR archives are an ideal avenue for attackers to conduct sophisticated phishing campaigns. The contents of an archive are hidden from a casual glance and, when the archive is password-protected (with the password conveniently supplied in the email body), from the mail gateway’s scanner as well; the file names inside can mix legitimate-looking documents with malicious look-alikes, such as an executable carrying a double extension like ‘Invoice.pdf.exe’; and nesting one archive inside another is a simple way to evade basic antivirus detection. The same properties make archives a convenient container for exfiltrating sensitive data out of otherwise secure environments.

According to Kaspersky “Cybercriminals love to conceal malware in archives. For example, ZIP files teasingly titled Love_You0891 (the number varied) were used by attackers to distribute GandCrab ransomware on the eve of St. Valentine’s Day. Other scammers were sighted a couple of weeks later sending archives with the Qbot Trojan, which specializes in stealing data.”

With ZIP and RAR archives, attackers thus have a broad range of methods to bypass security controls and phish sensitive data from unsuspecting users.
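The archive tricks described above can be checked mechanically before a user ever opens the attachment. The following Python script is an added example written for this article; it is not odix’s product code. It builds a constructed sample ZIP in memory (a PE file behind a double extension, a nested archive and one harmless text file) and runs a set of triage heuristics over every member: double extensions, executable content regardless of the name, nested archives recognised by their magic bytes, encrypted members that a gateway cannot inspect, and member names that would escape the extraction directory. The lists of dangerous extensions and magic bytes are the author’s own choices, not a standard.

```python
import io
import posixpath
import zipfile

# Extensions that execute or script when double-clicked on Windows (author's selection).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".dll", ".msi", ".bat", ".cmd",
                   ".ps1", ".vbs", ".js", ".jse", ".wsf", ".hta", ".lnk", ".jar"}

# Magic bytes of archive formats commonly nested inside another archive.
ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar", b"7z\xbc\xaf\x27\x1c": "7z"}


def triage_zip(data: bytes) -> list[str]:
    """Return human-readable findings for the ZIP archive in `data`.

    Heuristics only: double extensions, executable content regardless of
    extension, nested archives, encrypted members and path-traversal names.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for zi in zf.infolist():
            if zi.is_dir():
                continue
            name = zi.filename
            parts = posixpath.basename(name).lower().split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""

            if ext in EXECUTABLE_EXTS:
                kind = "double extension hiding" if len(parts) > 2 else "executable or script:"
                findings.append(f"{name}: {kind} {ext}")

            # Zip-slip style names that would write outside the extraction directory.
            if name.startswith("/") or ".." in name.split("/"):
                findings.append(f"{name}: path traversal in member name")

            # General-purpose bit 0 marks an encrypted member: the gateway cannot
            # inspect it, which is exactly why attackers put the password in the email.
            if zi.flag_bits & 0x1:
                findings.append(f"{name}: encrypted member, contents cannot be scanned")
                continue

            with zf.open(zi) as fh:
                head = fh.read(8)
            for magic, kind in ARCHIVE_MAGIC.items():
                if head.startswith(magic):
                    findings.append(f"{name}: nested {kind} archive")
            if head.startswith(b"MZ"):
                findings.append(f"{name}: PE executable regardless of extension")
    return findings


def build_sample() -> bytes:
    """Constructed sample archive (not a real campaign): a PE stub behind a
    double extension, a nested ZIP and one harmless text file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as iz:
        iz.writestr("readme.txt", b"nested archive body")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2020.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("Love_You0891.zip", inner.getvalue())
        zf.writestr("notes.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for line in triage_zip(build_sample()):
        print(line)
```

The same checks apply to RAR and 7z, but Python’s standard library only parses ZIP; for the other formats a third-party reader is needed, and a nested archive should be recursively triaged rather than trusted because its outer layer looked clean.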

  • Microsoft Office Documents

In 2020, the most common file type with embedded malware was the Microsoft Windows .exe, followed by Microsoft Word .doc files. Where in the past a diverse range of file types filled the bucket of potential threats, attackers now read the market: they focus their malware on the most accessible vectors and file types, and increasingly rely on Office files as their attachment of choice for distributing malware worldwide.

Part and parcel of the risk associated with Office files is the threat of the macros embedded within them. When attackers embed macros in Office files, legacy security products such as signature-based antivirus lose much of their ability to provide effective protection: the document itself is a perfectly legitimate format, and the malicious logic is code that typically runs only after the user clicks “Enable Content”, which is exactly what the phishing lure asks them to do. Interestingly, this trend is breathing new life into the phishing tactics of the early 2000s, which relied heavily on macros embedded in Office documents.

The risks have grown so high that the US Justice Department has specifically advised businesses, where possible, to disable macros to mitigate the potential risk of malware in this file type.
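Detecting whether an Office attachment carries a macro project is straightforward for the modern formats, because a .docm/.xlsm/.pptm file is a ZIP package in which the VBA code lives in a part named vbaProject.bin and is declared in [Content_Types].xml. The following Python script is an added example for this article, not odix’s or Microsoft’s code. It classifies an attachment as legacy OLE, OOXML or unknown, reports whether a VBA project is present, and flags the well-known trick of renaming a macro-enabled file to an extension that does not advertise macros (Word selects the parser from the content, not from the extension). The sample documents are constructed in memory and are not real Word files; the marker strings and the list of “non-macro” extensions are the author’s choices.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls/.ppt containers
# Strings in [Content_Types].xml that only appear when a VBA project is declared.
MACRO_CONTENT_MARKERS = ("macroEnabled", "vnd.ms-office.vbaProject")
# Extensions that a user would not expect to carry macros (author's selection).
NON_MACRO_EXTS = {"docx", "xlsx", "pptx", "doc", "xls", "ppt", "rtf"}


def office_macro_check(filename: str, data: bytes) -> dict:
    """Classify an Office attachment and report whether it carries a VBA project."""
    result = {"format": "unknown", "has_macros": False, "notes": []}

    if data.startswith(OLE_MAGIC):
        # Legacy binary format: VBA lives in an OLE storage, which needs an OLE
        # parser (for example oletools' olevba) rather than a ZIP library.
        result["format"] = "ole"
        result["notes"].append("legacy OLE document; inspect with an OLE/VBA parser")
        return result

    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result

    result["format"] = "ooxml"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
        content_types = ""
        if "[Content_Types].xml" in names:
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        if vba_parts or any(m in content_types for m in MACRO_CONTENT_MARKERS):
            result["has_macros"] = True
            result["notes"].append(f"VBA project parts: {vba_parts}")

    # Word picks the parser from the file content, not the extension, so a .docm
    # renamed to .doc still opens with its macros. Flag the mismatch.
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if result["has_macros"] and ext in NON_MACRO_EXTS:
        result["notes"].append(f"macros present but extension .{ext} does not advertise them")
    return result


def build_sample_docx(with_macros: bool) -> bytes:
    """Constructed minimal OOXML package (not a real document) for demonstration."""
    main_type = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macros
                 else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    ct = ('<?xml version="1.0"?>'
          '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
          + ('<Override PartName="/word/vbaProject.bin" '
             'ContentType="application/vnd.ms-office.vbaProject"/>' if with_macros else "")
          + "</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # A real vbaProject.bin is itself an OLE container; a header stub suffices here.
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    print(office_macro_check("report.doc", build_sample_docx(True)))
```

A gateway that only trusts the extension would wave the renamed file through; checking the package contents catches it. For legacy OLE documents the same question has to be answered by walking the compound file’s VBA storage, which is what tools such as olevba do.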

  • PDF Files

According to recent findings by Trend Micro and others, PDFs are quickly becoming one of the most common vectors for embedded malware. As one of the most commonly sent file types, especially since the rise of the COVID-19 pandemic, PDF files are an ideal way to begin malicious phishing campaigns as well as data extraction.

PDFs pose a unique risk to businesses and users because they are widely treated as passive, read-only documents and often do not receive the same scrutiny or sanitization as other file types, even though the format supports JavaScript, interactive forms, embedded files and actions that fire as soon as the document is opened.

Simply put “In some kinds of malicious PDF attacks, the PDF reader itself contains a vulnerability or flaw that allows a file to execute malicious code. Remember that PDF readers aren’t just applications like Adobe Reader and Adobe Acrobat. Most browsers contain a built-in PDF reader engine that can also be targeted. In other cases, attackers might leverage AcroForms or XFA Forms, scripting technologies used in PDF creation that were intended to add useful, interactive features to a standard PDF document.”

As a direct result of this flexibility in the structure of the PDF, attackers can easily abuse the file type, embedding malicious content inside a document that looks entirely ordinary to the recipient.
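The features named above (JavaScript actions, open actions, launch actions, forms and embedded files) are all announced by specific dictionary names inside the PDF, so a first-pass triage can simply count them. The script below is an added example written for this article, not odix’s or Adobe’s code. It handles the two evasions a naive grep misses: names spelled with #-escapes (/J#61vaScript is the same name as /JavaScript) and objects hidden inside FlateDecode-compressed object streams, which it inflates before scanning. The sample documents are constructed skeletons, not renderable or real PDFs, and the list of risky names is the author’s selection; a hit means “look closer”, not “malicious”.

```python
import re
import zlib

# Dictionary names that let a PDF run code, open URLs or carry payloads (author's
# selection). Their presence is not proof of malice but always merits inspection.
RISKY_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
               b"/EmbeddedFile", b"/XFA", b"/AcroForm", b"/URI", b"/SubmitForm",
               b"/RichMedia")


def _decode_name_escapes(data: bytes) -> bytes:
    """PDF names may spell any character as #XX, e.g. /J#61vaScript. Normalise them."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def _inflate_streams(data: bytes) -> bytes:
    """Inflate every deflate-compressed stream body so names hidden inside object
    streams become visible. Streams with other filters fail to inflate and are skipped."""
    out = []
    for m in re.finditer(rb"stream\r?\n(.*?)endstream", data, re.S):
        try:
            # decompressobj tolerates the trailing newline before 'endstream'.
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass
    return b"\n".join(out)


def scan_pdf(data: bytes) -> dict:
    """Count risky names in a PDF, including #-escaped and compressed occurrences."""
    if not data.startswith(b"%PDF-"):
        raise ValueError("not a PDF header")
    visible = _decode_name_escapes(data) + b"\n" + _decode_name_escapes(_inflate_streams(data))
    hits = {}
    for name in RISKY_NAMES:
        # The lookahead stops /JS from matching /JSxyz and /AA from matching /AAxyz.
        count = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", visible))
        if count:
            hits[name.decode()] = count
    return hits


def _obj(num: int, body: bytes) -> bytes:
    return b"%d 0 obj\n" % num + body + b"\nendobj\n"


def build_sample_pdf(malicious: bool) -> bytes:
    """Constructed PDF skeleton (not a real sample, not a valid renderable file).

    The malicious variant wires /OpenAction to a JavaScript action whose name is
    #-escaped, and hides a /Launch action inside a FlateDecode object stream."""
    catalog = (b"<< /Type /Catalog /Pages 2 0 R"
               + (b" /OpenAction 3 0 R" if malicious else b"") + b" >>")
    parts = [b"%PDF-1.7\n", _obj(1, catalog), _obj(2, b"<< /Type /Pages /Kids [] /Count 0 >>")]
    if malicious:
        parts.append(_obj(3, b"<< /S /J#61vaScript /JS (app.alert\\('constructed'\\)) >>"))
        hidden = zlib.compress(b"5 0 << /S /Launch /F (cmd.exe) >>")
        parts.append(_obj(4, b"<< /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode /Length %d >>\n"
                          b"stream\n" % len(hidden) + hidden + b"\nendstream"))
    parts.append(b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
    return b"".join(parts)


if __name__ == "__main__":
    print(scan_pdf(build_sample_pdf(True)))
```

Without the escape decoding the scan would miss /JavaScript, and without inflating the object stream it would miss /Launch; both are common in real samples precisely because signature engines that grep the raw bytes stop there. A production parser would also follow indirect object references and handle incremental updates, which this heuristic does not.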

Reflections on File Protection

Ransomware, zero-day attacks and spear phishing: what do these devastating attacks have in common? The prime vector for facilitating them is an email campaign carrying attachments with embedded malware. From PDFs and Office files to ZIP and RAR archives and countless others, attackers are increasingly turning to embedded malware as their avenue of approach to inflict devastating consequences.

To mitigate the risk of cyber-attacks and malicious files inflicting catastrophic damage on data and reputation, businesses and concerned citizens alike must take a deeper look at what arrives in their inboxes and apply solutions that can effectively control and contain the risk of file-based malware.