If you are like me, you are probably finding it hard to believe that the first quarter of 2019 is almost over. It seems like a good time to stop and take a breath and look at what some of this year’s prevailing cybersecurity threats have been so far. The year has seen the rise of several security threats, with the Center for Internet Security naming malspam as the ”primary infection vector in January.”

MSPs can build the most sophisticated firewalls and install the most stringent phishing tools, but at the end of the day, all your work can be undone by an enterprise employee opening the wrong email. Many of these emails typically appear mundane and work-related, with subject lines like “invoice attached.” That’s classic malspam, and it’s on the rise in 2019.

Malspam usually arrives in an email box unsolicited, directing the recipient to download an attached invoice, purchase order, or even word document. Of course, instead of a friendly invoice, it’s a bogus one releasing a payload that can wreak havoc on networks from stealing passwords to pilfering data.

SmarterMSP caught up with Belgium-based security expert Xavier Mertens, who has studied malspam extensively. Back in 2017, he posted results of analyzing close to 100,000 malspam files to see what subject headings entice people to open the most. Topping the list were finance-related topics (“invoice” was most popular), along with other subjects like order, quotation, purchase, and voucher.

While finance-related words continue to cause the most issues in 2019, bad actors know how to get inside peoples’ heads with irresistible, but simple, words. Who doesn’t get the warm-fuzzies from “love you?” Hackers know that and that is why using “love you” in the subject heading has been so effective. 

Subscribe to SmarterMSP.com

This year Japan has been ground zero for a retooled and costly “love you” campaign. We Live Security says: “the spam emails distribute a cocktail of malicious payloads, with some updates: we have seen attempts to download a cryptominer, a system settings changer, a malicious downloader, the Phorpiex worm, and the infamous ransomware GandCrab version 5.1.”

According to Mertens, there are many reasons malspam is on the rise, stating that “Emails remain a nice way to reach people, and people still must have corporate email addresses in their day to day life.”

Some companies tried to switch to a zero-email environment, but it’s not an easy move to make. Atos made a splash three years ago by vowing to be an email-free company by 2019, but this is an unrealistic option for most. Mertens also highlights the ease of generating emails and their low cost as being attractive to hackers. Plus, they are easy to fake and prey upon deep-seated social engineering.

MSPs and malspam

So, what can MSPs do to combat a hacker weapon that is so cheap and easy to send, and so enticing to recipients?

Mertens advises a top defense utilizing a combination of user education and cyber tools, like classic anti-spam and anti-virus checks, followed by a second layer of sandbox analysis.

“This won’t block all malicious emails, but will reduce the noise,” Mertens says.

Another weapon MSPs can use is implementing tools like requiring a digital signature to receive an email. Credentials of the sender must be verified before unlocking the email.

Dangerous payload

The Center for Internet Security has named Emotet, Kovter, Dridex, and NanoCore among the top malware being unleashed by malspam. Emotet has proven to be partially responsible for the statistical rise in malspam, by targeting recipients’ money and causing big problems over the past year.

“Emotet can also spread across the network (worm), and it collects private information from victims’ computers. At a certain point, it’s so difficult to detect the malspam that it’s more efficient to make its life more difficult,” explains Mertens.

With so many technological tools at our disposal, there’s an irony that often the bad guys gain access by just using the right word that entices people.

“Users can’t be blamed for opening a malicious attachment,” admits Mertens. “HR departments have to open resumes, accounting departments have to open invoices, and so on. Sometimes people are just tired and make mistakes, it’s just the human factor.”

However, money remains the motivator in so much of this, which is why the word “invoice” will continue to be so tough to resist for both the hacker and the hacked.

“Every organization is dealing with invoices all day long! The same goes for an average user: If you are notified that you ordered $1,000 of goods, but it’s not the case, you will try to understand why and how to prevent the order from being processed. Money is a crucial motivation for people,” details Mertens.

MSPs need to be mindful of that and advise clients to have their employees think twice before opening an invoice or falling prey to “love you.”

Photo:  Rawpixel.com / Shutterstock

Kevin Williams

Posted by Kevin Williams

Kevin Williams is a journalist based in Ohio. Williams has written for a variety of publications including the Washington Post, New York Times, USA Today, Wall Street Journal, National Geographic and others. He first wrote about the online world in its nascent stages for the now defunct “Online Access” Magazine in the mid-90s.

Leave a reply

Your email address will not be published. Required fields are marked *