[CYBERSECURITY ADVISORY] - Password protected archive attachments

Update on the current cybersecurity situation

We are currently seeing an increase in unsolicited messages containing malware in password-protected archive attachments (zip files). The password required for manual extraction of the file containing the malware is mentioned in the message text. Because the malicious content sits in a file inside a password-protected archive, virus scanners cannot detect it.

Recommended action

To mitigate the situation, you can request that we block all messages containing password-protected archives. To implement this change, please send a request to support@dualog.com with the subject “Block password protected archives”.

Please note that, on request, we can whitelist specific To and From addresses so that specified, legitimate password-protected archives pass through our filters. This information will need to be included in your request.
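The blocking rule and per-address exception described above, sketched as an added example; it is not Dualog's filter code. The function names, the allowlist of (From, To) pairs and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

ENCRYPTED = 0x1  # bit 0 of a ZIP entry's general-purpose flag: entry is encrypted

def zip_is_encrypted(data: bytes) -> bool:
    """True if any entry in the archive is marked encrypted. Entry names and
    flags sit unencrypted in the central directory, so no password is needed."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & ENCRYPTED for info in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a ZIP archive

def should_block(raw: bytes, allowlist=frozenset()) -> bool:
    """Block a message carrying an encrypted ZIP unless its (from, to) pair
    is allowlisted. Header addresses are used to keep the example short."""
    msg = message_from_bytes(raw, policy=policy.default)
    pair = tuple(parseaddr(str(msg.get(h, "")))[1].lower() for h in ("From", "To"))
    if pair in allowlist:
        return False
    # Inspect every leaf part by content; file name and MIME type are sender-chosen.
    return any(zip_is_encrypted(part.get_payload(decode=True) or b"")
               for part in msg.walk() if not part.is_multipart())

def sample_message(encrypted: bool) -> bytes:
    """Constructed test input: a mail with a one-file ZIP attached. Python's
    zipfile cannot write encrypted archives, so the flag bit is patched in."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample content")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= ENCRYPTED                             # local file header flags
        data[data.find(b"PK\x01\x02") + 8] |= ENCRYPTED  # central directory flags
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "vessel@example.org"
    msg.set_content("Please see attached. Password: 1234")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(should_block(sample_message(True)))
    print(should_block(sample_message(False)))
```

The check reads only the archive's metadata, which is why a filter can flag the archive as encrypted even though it cannot scan what is inside.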

Some background information on the current wave of attacks

The Emotet malware threat was thought to be dead after global officials took down the botnet and law enforcement sent a destructive update to Emotet's executables. However, the virus re-emerged back in November and is now spreading rapidly, using several methods to compromise networks.

We do see signs of it hitting our customers as well, with a correlated rise of incoming emails with password protected attachments, and viruses blocked.

I recommend watching our webinar on cybersecurity threats, which includes examples of what an Emotet attachment may look like.

We are continuing to monitor the situation and as always encourage our customers to be cautious when receiving messages containing links and/or attachments. Please let us know if you have any further questions.

You can read more about the return of Emotet in this article: Rebirth of Emotet: New Features of the Botnet and How to Detect it (thehackernews.com)

