In the majority of cyberattacks, email attachments remain the preferred vehicle for malicious content. Despite facing defense mechanisms, intelligent threat detection and AI-powered analytics, attackers have repeatedly proven their ability to sneak malware into corporate networks – especially by way of email attachments. In this context, one crucial approach to email security is often underrated – the basic, preventive blocking of all potentially harmful file formats regardless of threat detection outcomes.
Risk caused by seemingly harmless attachments
Attackers make use of legitimate tools or file formats such as Java or PowerShell files as well as office documents containing embedded macros or password-protected archives. Although potentially harmful, from a technical perspective many of these formats initially appear inconspicuous, meaning that they are not always reliably detected by conventional AV engines or even sandboxes.
A typical example from the real world: In the day-to-day administration of a hospital or medical laboratory, staff don’t usually encounter Java files (.jar) or executable scripts (.ps1, .vbs). Bank employees, likewise, generally don’t need to work with compressed, password-protected archives (at least not in their email inboxes). Structured formats such as PDF, Excel or XML, which can be analyzed more easily and securely, are more widespread.
Knowledge of the sector’s characteristic file formats is beneficial
Rather than blocking messages generally, a more nuanced view which takes the specific sector into consideration can help companies to purposefully bolster their security. In many sectors, it is clearly evident which file formats are required in daily business communication – and which invariably represent a risk. The same approach can be applied to specific sectors or job profiles within a company. In this way, the attack surface can be reduced considerably without compromising on the efficiency of communication or running the risk of filtering out legitimate emails.
Additional security layer with Retarus Attachment Blocker
Complementing our already comprehensive advanced threat detection and AI-based sandboxing technologies with the targeted, systematic blocking of file types adds an extra layer of protection to bolster security substantially within corporate email communications. The Retarus Attachment Blocker allows both inbound and outbound emails to be filtered based on previously defined rules – for instance, according to file extensions, MIME types or suspect features like password protection.
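The following Python sketch illustrates the kind of rule set described above: a per-sector allowlist of extensions, a check that the declared MIME type matches the extension, and a block on password-protected ZIP archives. It is an added example, not Retarus code or configuration; the `ALLOWED` table, the function names and the sample message are assumptions constructed for illustration.

```python
import io, os, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical allowlist for one sector: extension -> MIME types accepted for it.
ALLOWED = {".pdf": {"application/pdf"}, ".xml": {"application/xml", "text/xml"},
           ".xlsx": {"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"}}

def zip_is_encrypted(data):
    """True if any member has general-purpose flag bit 0 (encryption) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(i.flag_bits & 0x1 for i in z.infolist())
    except zipfile.BadZipFile:
        return True  # unparseable archive: fail closed

def check_message(raw):
    """Return [(filename, verdict)] for each attachment of a raw message."""
    verdicts = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = os.path.splitext(name)[1]
        data = part.get_payload(decode=True) or b""
        # Test the ZIP magic bytes, not the extension, so renamed archives are caught.
        if data[:4] == b"PK\x03\x04" and zip_is_encrypted(data):
            verdict = "block: password-protected archive"
        elif ext not in ALLOWED:
            verdict = "block: extension not on allowlist"
        elif part.get_content_type() not in ALLOWED[ext]:
            verdict = "block: MIME type does not match extension"
        else:
            verdict = "allow"
        verdicts.append((name, verdict))
    return verdicts

def constructed_sample():
    """Constructed message: a PDF, a script, a flagged ZIP and a mislabeled .pdf."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invoice.txt", "constructed")
    zraw = bytearray(buf.getvalue())
    zraw[zraw.rfind(b"PK\x01\x02") + 8] |= 0x1  # set encryption bit in central directory
    msg = EmailMessage()
    msg.set_content("see attachments")
    for data, subtype, name in [(b"%PDF-1.7 constructed", "pdf", "report.pdf"),
                                (b"Write-Host constructed", "octet-stream", "update.ps1"),
                                (bytes(zraw), "zip", "scans.zip"),
                                (b"constructed", "x-msdownload", "lab.pdf")]:
        msg.add_attachment(data, maintype="application", subtype=subtype, filename=name)
    return msg.as_bytes()
```

Calling `check_message(constructed_sample())` allows only `report.pdf`; the script, the flagged archive and the mislabeled `.pdf` are each blocked for a different reason.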

Thanks to the newly expanded range of configuration options, IT administrators are set to benefit from an even more powerful tool. Nuanced filtering rules and sophisticated notification functions now enable the service to be adapted with more ease and precision to meet the specific requirements at your company. Look out for more on this topic in the near future.