Categories: Threat Insight

What are Malicious Attachments? How to Identify and Prevent Them.

What is a malicious attachment?

Malicious attachments typically come along with phishing emails. They may come in the form of a fake invoice, or word doc and contain threats like ransomware, malware, keyloggers and other threats.

How do I identify a malicious email attachment?

Look at the file extension – extensions such as .exe should never be opened and are blocked automatically in most cases for that reason. The issue is there are dozens of file extension types and nearly all can be malicious, even .doc for Word documents, which can contain ransomware in macros. The best advice is to never open attachments you are not expecting, and if you must, make sure you have advanced email security in place which will sandbox them before you open them to ensure they are safe.

File archive – extensions such as .zip, .rar, or .7z are commonly used to hide malicious files from being scanned by email security and other systems. The file is often hidden in the attachment behind a password that is given to you in the email. The best advice here again is to never open these file types unless you are expecting them.

The Sender – if you don’t know them and weren’t expecting any attachments, don’t open it.

If it is from someone you know, it still may be a malicious attachment. Their email may have been compromised. Call them and ask them if they just sent an attachment and if so what does it contain.

Email Content – are there spelling errors, weird impersonal greetings, weird grammar etc. These are key indicators as bad actors are commonly from foreign countries where english is not their primary language

It feels suspicious – Were you not expecting the email?

How do I prevent infections from malicious attached files?

Advanced email security – The best defense is to have email security that opens unknown attachments before they enter your inboxes to see what they do. This process is called system emulation or sandboxing and is done to all emails that contain attachments that are unknown to the email security service.

Block dangerous file extensions – There is very little reason the following extensions should be in legitimate emails: .adp, .app, .asp, .bas, .bat, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .exe, .fxp, .gadget, .hlp, .hpj, .hta, .inf, .ins, .isp, .its, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1m, .msh2m, .mshxmlm, .msh1xml, .msh2xml, .msi, .msp,.mst, .ops, .osd, .pcd, .pif, .plg, .prf, .prg, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vsmacros, .vsw, .ws, .wsc, .wsf, .wsh, .ade, .cla, .class, .grp, .jar, .mcf, .ocx, .pl, .xbap

Security Awareness Training – Create a user firewall by educating email users on how to identify threats. Proactively test them by sending them real looking phishing emails and see who falls for the bait.

Ron Samson

Recent Posts

Top 5 Benefits of Managed Endpoint Detection and Response for Businesses

In today's digital landscape, businesses face an increasing number of sophisticated cyber threats. To combat…

2 weeks ago

SIEM Data Retention Best Practices for Effective Threat Detection

Security Information and Event Management (SIEM) systems play a crucial role in modern cybersecurity strategies.…

3 weeks ago

Cloud SIEM Solutions: A Complete Guide to Streamlined Threat Detection

In today's digital landscape, organizations face an ever-increasing number of cyber threats. To combat these…

3 weeks ago

Endpoint Detection and Response vs Antivirus: Key Differences

In the world of cybersecurity, protecting endpoints - such as computers, laptops, and mobile devices…

3 weeks ago

Explaining What Is EDR in Cyber Security and Its Key Benefits

In the ever-changing world of cyber threats, organizations need robust tools to protect their digital…

4 weeks ago

How a Cyber Security SOC Analyst Responds to Real-Time Threats

In the realm of cybersecurity, the role of a SOC (Security Operations Center) analyst is…

4 weeks ago