Email is a common method used by attackers to distribute ransomware. Attackers target victims using spoofed emails giving the appearance of a known contact. These emails will have malicious code, when opened results in the ransomware infection.
The most effective way to stop these threats is to validate the email as being free of malicious code before it is delivered.
The problem is that, most companies do not authenticating inbound mail as being malicious code free. These companies whom think they are, are typically
using an anti-virus that is based on historical data and cannot stop zero-day attacks, and we all know how that works out.
But it is not only emails; attackers often distribute ransomware through malicious ads promoted when users visit certain sites. The reasoning is to gather information on the user or the users company to determine what their capabilities are to pay a ransom.
Attackers are trending towards malicious links, and away from attachments.
It has become very common for, spammers to attack with social engineering messages, including malicious fax and voicemail notification emails. These emails have information that is typically used in legitimate fax and or voicemail messages, such as a caller ID’s.
What is common with most of these is links using hijacked domains and have a URL path that leads to a PHP landing page. If the user clicks on the links, (and we all have done it) they are led to a malicious file.
This recent trend for attackers shows how truly adaptable these attackers are, and shows us all how vigilant we all should be. No matter how smart we all think we are; there are teams of hackers as smart as, or smarter than us. Working non-stop finding innovative new ways to breach our networks.