Threat Awareness – When Secure Email Gateways Miss Malware

Technology plays an essential role in the security of any organization. While it’s important to utilize, and often rely on, security tools to keep our data and organizations safe, it’s important to remember that these same tools are not foolproof. As of late, threat actors have been observed using various tactics (some new) to bypass Secure Email Gateways (SEGs). As Jennifer Lyn Walker, WaterISAC’s Director of Infrastructure Cyber Defense said, “when technology fails to stop threats, we need to be able to recognize the threats that make it into our inboxes.”

See WaterISAC’s previous coverage of email security and SEG bypass.

Overview of recent observations

Threat actors have been recently observed exploiting the way SEGs analyze the contents of archive file attachments. They employed a .zip archive, which the SEG incorrectly identified as containing a harmless .Mpeg video file, allowing it to bypass blocking or filtering measures. When users opened the archive in Outlook or Windows Explorer, it was revealed as an .html file, leading victims to execute the embedded malware.

What to do about it

Awareness of the threat is most crucial. Having sophisticated security tools does not guarantee that every email that falls into employee inboxes is safe. Members are encouraged to incorporate the attack method described above into security awareness training to help keep users aware of these types of threats.  

For more information on threat actors’ recent methods to bypass SEGs, visit Cofense.