Poor e-mail practices pose security risk

E-mail is still a commonly used tool to spread malware, as one in 10 people are likely to open e-mail messages from unknown senders, says a senior Cisco Systems executive.

SINGAPORE--Cybercriminals are still using e-mail as a means to launch malware attacks on enterprises, according to a senior executive at Cisco Systems.

"E-mail is still the vehicle by which they can infect corporations," said John Stewart, Cisco's chief security officer, in a teleconference Tuesday with journalists and analysts.

Referring to a Cisco study conducted last year, Stewart said that regardless of country, over 10 percent of respondents will still "double click on all e-mail [messages], no matter where they come from".

Attackers, he said, exploit this vulnerability to spread malware, and "one out of 10 [people] get infected [by malware] because of bad behavior".

"That means the very technique by which malware is being propagated is still succeeding [for] that 10 percent of the population," he added.

Stewart cited an example of a U.S. federal institution that got infected by malware via e-mail, because someone within the organization opened an e-mail message that contained malware.

According to MessageLabs, targeted cyberattacks via e-mail is on the rise. In March, the e-mail security specialist intercepted 716 e-mail messages which were part of 249 targeted attacks aimed at 216 of its customers, and almost 200 of the stealthy attacks comprised a single malicious e-mail designed to infiltrate an organization.

In January, hundreds of thousands of people were infected by a Trojan horse--named "Storm Worm" by antivirus vendor F-Secure--over a weekend. Cybercriminals took advantage of the situation of a real-life extreme storm in Europe to spread the Trojan through e-mail that claimed to include breaking news about the weather.

More recently, a two-factor authentication system operated by Dutch bank ABN Amro was compromised, and four of its customers had money stolen. This occurred after malware infected their machines because they opened an e-mail with an attachment that claimed to be from the bank.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All