Increasing Levels of Email-Delivered Malware

email malware russia ukraine

Summary:

In light of recent events surrounding Russia and Ukraine, there has been an increased threat surrounding email-delivered malware. The combination of malware and email is closely related to each other and around 90% of all malware is delivered through email and it's considered its main vector.

Detail:

The most common initial form is a Phishing attack. Phishing is a type of cyber fraud in which a cybercriminal tries to impersonate a person or company to gain your trust and then trick you into performing detrimental actions such as inputting sensitive credentials, giving out internal information or simply tricking a user into clicking on a malicious link. In the rise of attacks that we are currently witnessing, however, there has been a sizeable increase in malicious files (excel and word documents for example) also being attached to these emails in an attempt to encourage the user to open the file and compromise their machine, resulting in a foothold within your organisation's infrastructure.

CISCO's 2021 Cybersecurity Threat Trends report suggests that at least one person clicked a phishing link in around 86% of organisations. The company’s data suggests that phishing accounts for around 90% of data breaches.

With the recent escalation between Russia and Ukraine, where cyber attacks were reportedly used to aid the destabilisation of Ukraine’s regime and critical infrastructure, all organisations find themselves potential targets for cyber attacks as Russia responds to sanctions imposed on them for violating international law. These attacks can range from low-level phishing attacks to destructive attacks targeting critical infrastructure.

Recommended Actions:

While you can’t stop hackers from sending phishing or spear phishing emails, you can make sure employees are prepared, if and when one is received.     

Training employees on what to look out for can reduce the risk of your business being affected. Educate employees about the key characteristics of a phishing email and remind them to be scrupulous and inspect emails, attachments, and links before taking any further action.

  • We recommend you encourage your staff to read our blog on how to spot phishing emails: How to spot phishing emails
  • CyberGuard also offers a wide range of training provided via online courses that can be tailored to your specific needs. Furthermore, we can run proactive campaigns that test how susceptible to these cyber-attacks your company and its employees are.

Explore Cyber Services