
How Can DMARC Help Against Spoofed Emails Containing Malware?

It is estimated that billions of malicious or phishing emails are sent every day. They lure recipients into visiting fake websites, carry malware as attachments or links, or open a larger scam that looks legitimate at first. The volume of such email has grown sharply since working from home became common across the globe during the recent pandemic.

The first part of this page summarizes recent news about malware-carrying emails; the second explains DMARC (Domain-based Message Authentication, Reporting & Conformance) and how it limits sender spoofing.

Latest News about Malicious Emails

Password Stealing Malware sent to Energy Suppliers

In a recent report from Intezer, a phishing campaign that has been active for more than a year sends convincing look-alike emails to steal passwords. These phishing emails are so carefully drafted and well researched that recipients are often duped into believing they are dealing with legitimate companies.

According to the report, the targets of this campaign are energy, oil, and gas companies that hold large customer databases. The first step is, naturally, to steal credentials and other sensitive information. A similar pattern has been observed in the technology and manufacturing sectors worldwide, especially in the United States, the UAE, Germany, and South Korea.

The malicious email carries an attachment presented as a PDF with further details, but it is in reality an IMG, ISO, or CAB file that, once opened, leads the user to the actual malware. The research paper released by the security company warned users to be careful when opening emails sent from outside their own company's domain, and to leave any suspicious files or links alone.

Microsoft Reports about Malware Spreading Emails from Fake Call Centers

Microsoft recently warned its users about fake emails that pressure the recipient into calling a phone number given in the message, for example to cancel a subscription or claim a prize. When the user calls, the person who answers talks them into visiting a website and downloading malware disguised as a legitimate file.

One malware identified in such campaigns is BazarLoader, which gives attackers backdoor access to the infected Windows host. Once that connection is established, the attackers push further malware to the machine and harvest information such as credentials and other identity documents.

Spectra Logic - The Company That Did Not Pay the Ransom for the Ransomware in Their System

Another interesting incident occurred at Spectra Logic, where IT staff promptly pulled the plugs on the server room by hand and brought the entire infrastructure to a halt. They then contacted the FBI, who sent a team; it took a couple of weeks to restore everything from the offline backups the company had wisely kept. The attack began with a phishing email sent to an employee working from home during the Covid pandemic.

There are many such cases, notably Prometheus ransomware, which emerged this year and is reported to have attacked 30 companies so far. REvil and Thanos are also considered dangerous. With new security measures in place, however, it becomes harder for these actors to achieve their goals.

Domain-based Message Authentication, Reporting & Conformance (DMARC)

Malicious emails go unrecognized because the attackers spoof the sender's identity in the 'From' field, replacing it with someone the recipient trusts. Cybercriminals have also been observed setting the 'From' name to that of a colleague or manager, so the email is opened without a second thought. The result can be further attacks, including credential theft, ransomware, and malware.

DMARC, short for Domain-based Message Authentication, Reporting & Conformance, is an email authentication protocol that lets a domain owner publish a policy stating that only mail passing an SPF or DKIM check aligned with the domain is authentic, and telling receiving servers to quarantine or reject everything else that claims to be from the domain. An analysis by Valimail found that in domains where DMARC was enforced, the share of suspicious emails dropped to 0.4%. Note that DMARC authenticates only the domain of the address in the 'From' header: a forged display name placed in front of an unrelated address, or a look-alike domain the attacker controls, is outside its scope.

Alexander García-Tobar, CEO of Valimail, stated that with privacy laws enforced in the United States, it is essential for every company doing business there to enforce a DMARC policy.

DMARC relies on Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to determine whether a message is authentic, and the domain owner publishes one of three policies in a DNS TXT record at _dmarc.<domain> that tells receivers what to do with messages that fail. These policies are:

Monitor (p=none): monitors your email traffic and reports on it, without taking any action against failing messages.

Quarantine (p=quarantine): directs unauthorized emails to the spam folder.

Reject (p=reject): ensures that unauthorized emails are not delivered at all.
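As an added example (not from the original article or from any DMARC vendor), the following Python script shows how a receiving mail server evaluates the three policies above and the 'From' spoofing described earlier. It parses constructed DMARC TXT records for hypothetical domains (example.com, example.net, example.org), checks whether a passing SPF or DKIM identifier aligns with the domain of the address in the From header, and returns the disposition the policy calls for. The organizational-domain logic is simplified (last two labels instead of the Public Suffix List), and no real DNS lookups are made.

```python
"""Minimal DMARC policy evaluator (added example, not from the article).

Demonstrates: parsing a DMARC record, SPF/DKIM identifier alignment
(relaxed vs strict), the p=none / p=quarantine / p=reject dispositions,
and why a forged display name or a look-alike domain is not caught.
All domains, records and messages below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed records, as they would be published as TXT at _dmarc.<domain>.
DMARC_RECORDS = {
    # Monitor only: nothing is blocked, aggregate reports go to rua=.
    "example.com": "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    # Quarantine with relaxed alignment: failing mail lands in spam.
    "example.net": "v=DMARC1; p=quarantine; adkim=r; aspf=r; rua=mailto:dmarc@example.net",
    # Reject with strict alignment: failing mail is refused outright.
    "example.org": "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.org",
}

ACTION_FOR_POLICY = {"none": "deliver", "quarantine": "spam", "reject": "reject"}


def parse_dmarc(record: str) -> dict:
    """Parse 'tag=value; tag=value' into a dict, filling RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("p", "none")      # policy defaults to monitor
    tags.setdefault("adkim", "r")     # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")      # relaxed SPF alignment by default
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels.
    Real receivers consult the Public Suffix List (assumption noted)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: Optional[str], from_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') needs the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def from_address_domain(from_header: str) -> str:
    """Domain of the address in a From: header. The display name in front of
    '<...>' is ignored, exactly as DMARC ignores it."""
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header.strip()
    return addr.rsplit("@", 1)[-1].lower()


@dataclass
class AuthResults:
    spf_pass_domain: Optional[str]   # MAIL FROM domain if SPF passed, else None
    dkim_pass_domain: Optional[str]  # d= of a passing DKIM signature, else None


def dmarc_disposition(from_header: str, auth: AuthResults) -> Tuple[str, str]:
    """Return (result, action): result is 'pass', 'fail' or 'none' (no policy
    published); action is what the receiver should do with the message."""
    fdom = from_address_domain(from_header)
    record = DMARC_RECORDS.get(fdom) or DMARC_RECORDS.get(org_domain(fdom))
    if record is None:
        return ("none", "deliver")   # sender's domain publishes no DMARC policy
    policy = parse_dmarc(record)
    passed = (aligned(auth.spf_pass_domain, fdom, policy["aspf"])
              or aligned(auth.dkim_pass_domain, fdom, policy["adkim"]))
    if passed:
        return ("pass", "deliver")
    return ("fail", ACTION_FOR_POLICY[policy["p"]])


if __name__ == "__main__":
    # Constructed messages: exact-domain spoofs under each policy, a legitimate
    # sender, and a look-alike domain with a forged display name.
    samples = [
        ("CEO <ceo@example.com>", AuthResults(None, None)),
        ("CEO <ceo@example.net>", AuthResults(None, None)),
        ("CEO <ceo@example.org>", AuthResults(None, None)),
        ("alice@example.net", AuthResults("bounce.example.net", None)),
        ("alice@example.org", AuthResults("bounce.example.org", "example.org")),
        ("Alice Manager <alice@examp1e-corp.com>", AuthResults(None, None)),
    ]
    for hdr, auth in samples:
        print(f"{hdr:45} -> {dmarc_disposition(hdr, auth)}")
```

The last sample is the important caveat: the spoofed domain examp1e-corp.com publishes nothing, so DMARC returns no verdict and the message is delivered with a trusted-looking display name. DMARC protects your own domain from being forged; it does not judge domains you do not own. To inspect a real domain's published policy, query its TXT record with dig +short TXT _dmarc.example.com, substituting the domain in question.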

The Final Word: How Can DMARC Help Against Spoofed Emails Containing Malware?

DMARC is the baseline every organization that allows working from home should have in place, ideally moving from p=none through p=quarantine to p=reject once the aggregate reports show that all legitimate senders are aligned. The flow of malicious email is not going to stop; it will only grow. Keep avoiding suspicious emails that offer free items and delete those from organizations you have never heard of, since DMARC does not cover look-alike domains or mail sent from compromised legitimate accounts. With DMARC enforced, an added layer of security protects your organization's mail domain from being forged.
