Spear phishing messages with malicious attachments
Emails with malicious attachments are designed to get a user to open/execute the attachment in order to deliver malware payloads.[1]
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Sending the emails is the simple part; ensuring they make it to the target (e.g., not being filtered) may be challenging. Over time, an adversary refines their techniques to minimize detection by making their emails seem legitimate in structure and content.
Detectable by Common Defenses (Yes/No/Partial): Yes
Explanation: Many technologies exist to scan content and/or emulate a workstation (detonation chambers) before the target receives and executes the attachment, reducing the number of malicious emails and attachments delivered to the intended target. However, encryption continues to be a stumbling block. In addition, a variety of commercial technologies are available that enable users to screen for phishing messages and that are designed to enhance email security.
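The pre-delivery content scanning and the encryption stumbling block described above, as an added example that is not part of the original page: a minimal attachment triage that blocks risky file types and holds encrypted archives it cannot inspect. The extension list, verdict labels, function names and sample message are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block-list for this example; tune to local policy.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".docm", ".xlsm"}

def _ext(name):
    name = (name or "").lower()
    return name[name.rfind("."):] if "." in name else ""

def triage_attachment(filename, data):
    """Return 'block', 'unscannable' or 'scan' for one attachment."""
    if _ext(filename) in RISKY_EXT:
        return "block"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()
        # Member names normally stay readable even when contents are encrypted.
        if any(_ext(m.filename) in RISKY_EXT for m in members):
            return "block"
        # Flag bit 0 = encrypted member: the gateway cannot inspect it, so hold it.
        if any(m.flag_bits & 0x1 for m in members):
            return "unscannable"
    return "scan"

def triage_message(raw_bytes):
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return [(p.get_filename(), triage_attachment(p.get_filename(), p.get_payload(decode=True)))
            for p in msg.iter_attachments()]

def build_sample():  # constructed test message; archives hold placeholder bytes only
    def make_zip(member, encrypted=False):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(member, b"constructed sample content")
        raw = bytearray(buf.getvalue())
        if encrypted:  # set flag bit 0 in the central directory entry
            raw[raw.index(b"PK\x01\x02") + 8] |= 0x1
        return bytes(raw)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    samples = [("invoice.zip", "invoice.js", False), ("report.zip", "report.pdf", True),
               ("notes.zip", "notes.txt", False)]
    for name, member, enc in samples:
        msg.add_attachment(make_zip(member, enc), maintype="application",
                           subtype="zip", filename=name)
    return msg.as_bytes()
```

An "unscannable" verdict is the point at which a gateway would quarantine the message or route it for manual review rather than deliver it unchecked.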