Malicious attachments typically come along with phishing emails. They may come in the form of a fake invoice, or word doc and contain threats like ransomware, malware, keyloggers and other threats.
Look at the file extension – extensions such as .exe should never be opened and are blocked automatically in most cases for that reason. The issue is there are dozens of file extension types and nearly all can be malicious, even .doc for Word documents, which can contain ransomware in macros. The best advice is to never open attachments you are not expecting, and if you must, make sure you have advanced email security in place which will sandbox them before you open them to ensure they are safe.
File archive – extensions such as .zip, .rar, or .7z are commonly used to hide malicious files from being scanned by email security and other systems. The file is often hidden in the attachment behind a password that is given to you in the email. The best advice here again is to never open these file types unless you are expecting them.
The Sender – if you don’t know them and weren’t expecting any attachments, don’t open it.
If it is from someone you know, it still may be a malicious attachment. Their email may have been compromised. Call them and ask them if they just sent an attachment and if so what does it contain.
Email Content – are there spelling errors, weird impersonal greetings, weird grammar etc. These are key indicators as bad actors are commonly from foreign countries where english is not their primary language
It feels suspicious – Were you not expecting the email?
Advanced email security – The best defense is to have email security that opens unknown attachments before they enter your inboxes to see what they do. This process is called system emulation or sandboxing and is done to all emails that contain attachments that are unknown to the email security service.
Block dangerous file extensions – There is very little reason the following extensions should be in legitimate emails: .adp, .app, .asp, .bas, .bat, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .exe, .fxp, .gadget, .hlp, .hpj, .hta, .inf, .ins, .isp, .its, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1m, .msh2m, .mshxmlm, .msh1xml, .msh2xml, .msi, .msp,.mst, .ops, .osd, .pcd, .pif, .plg, .prf, .prg, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vsmacros, .vsw, .ws, .wsc, .wsf, .wsh, .ade, .cla, .class, .grp, .jar, .mcf, .ocx, .pl, .xbap
Security Awareness Training – Create a user firewall by educating email users on how to identify threats. Proactively test them by sending them real looking phishing emails and see who falls for the bait.
Not all EDR platforms are built the same, and the gap between CrowdStrike EDR and…
The expectations organizations bring to EDR solution providers have shifted considerably. A few years ago,…
Any meaningful SIEM solutions comparison has to go beyond spec sheets. Feature parity across major…
Finding the right SIEM options for top security operations has never involved more variables. Cloud-native…
Choosing a SIEM platform has never been more complicated — or more consequential. The market…
The way organizations monitor their networks has changed more in the past three years than…
