Security Think Tank: User education key to blocking email-borne malware

What strategies should organisations follow to block malware attachments which continue to account for two-thirds of malware infections that result in data breaches?

Almost 25 years ago, the first ever email attachment was sent using the new multipurpose internet mail extension (MIME) protocol. The technology spread like wildfire and, fast forward to now, around 200 billion email messages are sent daily. Many include attachments, from the modest logos in email signatures through to stupidly large Microsoft Office files that people really should put on a USB stick and send in the post. It goes without saying that it’s easy for criminals to slip in a few malicious emails without being noticed.

The first really damaging email-borne malware cases go back to 1999, with the Melissa, ILOVEYOU and Anna Kournikova worms. These were simple scripts that, when opened, would delete random files from user hard drives and then email themselves to all contacts in the user’s address book. Further recipients were likely to trust the original sender, and as long as they were wondering why someone was smitten with them, or simply liked pictures of tennis stars, they too would open the attachment.

ILOVEYOU was particularly nasty, and over fifty million infections were reported. Many more millions, no doubt, went unreported. Email systems were shut down globally. Even antivirus suppliers were affected and had to take action.

Many more email worms followed, with antivirus suppliers raking in the profits as they wrote specific signatures to defeat each worm variant. With 16 plus years’ experience of dealing with email-borne malware, one might think the problem is in hand.

But users still open bad items, or follow links to malicious web pages. 200,000 users did this as recently as last week, and became infected with WannaCry. OK, this is a lot better than the 50,000,000 that were duped by ILOVEYOU, but it’s still significant.

Back in 1999, I’m sure there were plenty of paper-based duties one could get on with whilst IT support fixed infected PCs, or one could just go and grab a cup of tea. But today, PCs perform a critical function. Users can’t do without them. Downed users cost companies money, without even beginning to think about all the lost data they haven’t backed up.

Whilst a host and perimeter-based malware defence solution is highly recommended, more so to ensure users receive quality of service and don’t get spammed to death, there is no such thing as 100% security, nor any strategy other than user education that will defeat malware infection.

Even Verizon’s annual data breach report of 2017 confirms that 66% of malware was installed through malicious email attachments. This is a huge proportion. Malicious email attachments don’t just open themselves – they need user interaction. 

It could also be argued that users with the latest and greatest anti-malware solutions are far more likely to click on anything anyway, as they think they’re protected. Unless user education is reinforced through a strong security awareness programme, organisations will be fighting the same losing battle as they faced back in 1999.
