Security Awareness – Password Protected Files Becoming Increasingly Popular Method to Bypass Traditional Email Security

Infosecurity Magazine has written an article discussing threat actors increasing use of password-protected files as an attack vector, while also providing methods to mitigate against this threat activity. This technique has become an increasingly popular way of delivering malware, as it allows threat actors to utilize filesharing channels beyond email, such as SMS, workplace collaboration tools, or social media messaging, to drop payloads.

Q3 of 2022 saw 42 percent of malware delivered through archive files and that trend continues into today, as demonstrated by this week’s reporting on threat actors utilizing compromised Microsoft 365 accounts to deliver a malicious encrypted file. The article recommends that organizations expand their security responsibilities to include the browser, as this tactic takes advantage of the average staff members relative lack of browser security training compared to email security awareness. Preventive security technologies that provide more insight into web browser activity are a key part of this shift. Read more at Infosecurity Magazine.