When it comes to phishing attacks, a few techniques are most commonly used to attack PCs. The following conclusions come from cybersecurity company Proofpoint's analysis of billions of emails targeting Proofpoint customers.
Microsoft Office macros, Sandbox evasion, and PowerShell are the most popular techniques among cybercriminals distributing attacks. These attacks typically come via phishing emails, according to researchers who analyze billions of such attacks.
#1 – Macros
According to researchers at cybersecurity company Proofpoint, the most common attack technique is still malicious Office macros, deployed by cybercriminals looking to compromise PCs after they’ve tricked victims into opening phishing emails.
What are macros? Macros are a function of Microsoft Office and allow users to enable automated commands to help run tasks. This feature is often abused by cybercriminals looking for an entrance into a victim’s computer or network.
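As an added example (not from the original article or from Proofpoint), here is a check a mail-filtering or triage script could run on Office attachments. It flags modern Office packages that carry a VBA macro project by looking at the file's contents rather than its extension. The function names and sample files are constructed for illustration.

```python
import io
import zipfile

# Signature of the legacy binary Office container (.doc/.xls/.ppt)
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def classify_office_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'legacy-ole' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Legacy formats can carry macros too; confirming that needs an OLE parser.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a ZIP archive, but not an Office package
    # Macro-enabled packages store their VBA code in a vbaProject.bin part.
    if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
        return "ooxml-macro"
    return "ooxml-clean"

def _build_package(parts):
    """Constructed sample: a ZIP with the given part names (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in parts:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()

# Constructed sample attachments, keyed by the file name shown in the email
SAMPLES = {
    "report.docx": _build_package(["[Content_Types].xml", "word/document.xml"]),
    "invoice.docm": _build_package(
        ["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"]),
    "old_report.doc": OLE_MAGIC + b"\x00" * 504,
    "notes.txt": b"plain text, not an Office file",
}

def triage(samples):
    """Map each attachment name to its classification."""
    return {name: classify_office_attachment(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:16} {verdict}")
```

A verdict of `ooxml-macro` or `legacy-ole` is a reason to quarantine or inspect the attachment further, not proof that it is malicious.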
Most cyber-attacks start with phishing emails, followed by deploying psychological tricks to convince the victim to open and then interact (i.e., click a link) with the malicious message. Cybercriminals can often get victims to interact with malicious emails by sending them from well-known brands, people in your network (boss, co-worker, etc.), or even including fake invoices that appear outstanding. Victims often recognize something in the malicious email that is familiar, causing them to unknowingly “click” and interact with the message. This is the open door that hackers hope for.
#2 – Sandbox evasion
Don’t be deceived: macros are not the only technique to be wary of. The second most common attack technique is called Sandbox evasion and is used by cybercriminals to distribute phishing emails. The ultimate goal of Sandbox evasion is to stop analysts from being able to examine a cyber attack by effectively hiding the malware from threat detection. In this way, cybercriminals remove the ability of cybersecurity teams to protect systems against their malware.
#3 – PowerShell
Using phishing emails to get a foothold, cyberattackers frequently use PowerShell to gain access to networks. With PowerShell, it’s common to send the victim a link to click. When clicked, the code in the link deploys PowerShell into the victim’s network. Because these types of attacks use a legitimate Windows function, they can be challenging for cybersecurity teams to detect, which, for obvious reasons, makes them popular among cybercriminals.
If you are concerned you have been targeted by a phishing email or other form of cyberattack, contact PK Tech or your cybersecurity team before taking any action.