Curated Tech Content

Whether we are publishing our own original content or helping our partners get the word out about their technologies. We bring you the latest news, market trends and product innovation.

Go Phish!

Email is the most commonly infected application for malware and other threats.  Over the years, organisations worldwide have suffered through hefty payouts, paralysed systems, and damaged reputations simply because of a malicious Microsoft Word document or PDF attachment.

Along with businesses and the rest of the security industry, IT Providers continue to up the ante in our battle against email threats. However, cybercriminals also adapt and change their methods to continue targeting users. We looked into the state of email threats and security to provide a clearer picture of what organisations are up against — and what can protect them.


Ransomware continued to proliferate in 2018 with the U.S., Japan, Taiwan, and Australia found to be most affected. Email-borne malware families pose new threats. For example, the banking Trojan TrickBot, is equipped with new capabilities designed to steal data saved by Microsoft Outlook® by opening relevant registry keys.

The abuse of email services is also common to hacking groups like Pawn Storm, which continues to use email in its relentless campaign to target not just businesses but also governments. In late 2017, Pawn Storm launched credential phishing and spear-phishing attacks against several organisations by exploiting the preview pane of Outlook Web Access.


It may seem easy to spot maliciously decorated emails using bare observations that don’t require complex security solutions. The truth is that businesses can still be misled when tricked with sophisticated BEC scams.

BEC scams have proven to be so vicious that even software and technology companies were not spared. In early 2017, social engineering tactics were launched against Google and Facebook. The two tech titans had been reportedly defrauded of over $100 million by a man who allegedly falsified supplier invoices.

It is predicted that BEC incidents are on track to multiply in 2018, with global losses expected to reach $9 billion.


Given that email is still the most common infection vector for malware threats, organisations need multiple layers of protection to combat email-borne threats that continue to evolve and spread.


Ransomware, BEC and other threats will only continue to abuse email as it has proven to be one of the most easily utilized platforms to gain a foothold in an organisation. Using a multilayered identification process for transferring funds can mitigate BEC scams. IT professionals and organisation employees should be trained to look out for BEC indicators and practice proper email protocols such as inspecting inbound and outbound messages. Stopping email-borne ransomware from infecting endpoints and systems is also possible by adopting best practices against socially-engineered spam emails.

Moreover, cybercriminals will use different kinds of social engineering tactics to coerce potential victims into downloading files or giving out sensitive information, so it is important to educate employees on how to avoid phishing attacks. Simple steps, such as bookmarking trusted websites and never clicking on links accompanied by suspicious promises, go a long way.

If cybercriminals have already successfully infiltrated the organisation’s network, there are recovery steps that can be followed. No matter how well-implemented the company’s security policies are, there can be occasional or accidental gaps. For phishing attacks, a password reset followed by proactive email deletion should be the priority.

Email threats are advanced, pervasive, and costly. At ASI Solutions we work with our clients to develop workforce cybersecurity awareness and implement customised security solutions to mitigate threats before they cause havoc to your business.


SOURCE: Trend Micro Cloud App Security 2017 Report: Boosting the Security of Office 365 by Blocking 3.4 Million High-Risk Threats