A Targeted Email Attack, unlike typical spam emails, is an email attack aimed at specific individuals or organizations.
Because zero-day malware is not yet registered in the big data database, attackers use new, unknown malware that is difficult to detect in antivirus tests. For example, an attacker exploits a zero-day vulnerability to attach new malware that the security solution cannot detect, and sends an email that induces users to click. Zero-day malware may access memory on a victim’s computer system to damage or delete files and programs.
A malicious email attachment is a type of threat in which attackers conceal malware inside commonly emailed files. The attachments in these malicious emails can be disguised as documents, executable files, or even image and video files. They can also be encrypted files with other extensions. Attacks using executable files include falsifying the sender’s address to trick the recipient into opening emails with malicious documents. Attackers can also insert malicious code into an image and attach it to the body of the email.
A malicious URL attack inserts a clickable link containing malware into an email in order to lure users to malicious websites. The malicious URLs can also be contained in a large attachment and/or in the body of the email. This includes attacks in which the malware is executed when a user clicks on a URL in an email or regular attachment, and not only at the time of delivery.
A forged header is a type of social engineering attack in which scammers dodge detection by forging account information in the header. Attackers forge the email header to redirect the destination of emails when a user sends a reply. Through the forged header attack, attackers are able to intercept emails from normal users, which may contain the company’s credential information and personal information.
A look-alike domain is a type of social engineering attack in which attackers send a malicious email from an address that is difficult for the human eye to distinguish from that of a normal sender. For example, capital ‘I’ and lowercase ‘l’ are similar in appearance, so they can be abused in an attack.
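The forged header and look-alike domain descriptions above can be turned into two simple header checks. The following is an added example, not part of the original page: it assumes the forged header shows up as a Reply-To domain that differs from the From domain, and it extends the ‘I’/‘l’ case to a few other look-alike characters. The trusted domain list, function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the organisation really corresponds with (constructed).
TRUSTED_DOMAINS = {"billing.example"}

# Fold characters that look alike in common fonts onto one representative.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})

def skeleton(domain):
    # Fold BEFORE lower-casing: capital 'I' must become 'l', not 'i'.
    return domain.translate(CONFUSABLE).lower().replace("rn", "m")

def domain_of(header_value):
    # Domain part of an address header, original case preserved.
    return parseaddr(header_value or "")[1].rpartition("@")[2]

def check_message(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    findings = []
    # Forged header signal: a reply would leave the sender's domain.
    if reply_dom and reply_dom.lower() != from_dom.lower():
        findings.append("reply-to-mismatch")
    # Look-alike signal: not a trusted domain, but renders like one.
    if from_dom.lower() not in TRUSTED_DOMAINS:
        if skeleton(from_dom) in {skeleton(t) for t in TRUSTED_DOMAINS}:
            findings.append("look-alike-domain")
    return findings

# Constructed sample messages; only the headers matter here.
SAMPLE_FORGED = ("From: Accounts <accounts@billing.example>\n"
                 "Reply-To: accounts@mailbox.invalid\n"
                 "Subject: Invoice\n\nPlease confirm.\n")
SAMPLE_LOOKALIKE = ("From: Accounts <accounts@biIIing.example>\n"
                    "Subject: Invoice\n\nPlease confirm.\n")
SAMPLE_CLEAN = ("From: Accounts <accounts@billing.example>\n"
                "Reply-To: accounts@billing.example\n"
                "Subject: Invoice\n\nPlease confirm.\n")

if __name__ == "__main__":
    for name in ("SAMPLE_FORGED", "SAMPLE_LOOKALIKE", "SAMPLE_CLEAN"):
        print(name, check_message(globals()[name]))
```

A differing Reply-To domain also occurs in legitimate mail such as mailing lists, so these findings are signals for review rather than verdicts.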
Account take-over (ATO) is a social engineering attack that uses a real user’s account. After logging in to the stolen email account, the attacker browses the user’s email history to find confidential information and potential secondary victims. For example, with account information stolen through a phishing site, the attacker sends an email asking for a remittance account change or delivers the confidential information stored in the account to external parties.
URL phishing refers to attacks that aim to steal the victim’s ID and password: the attacker creates a phishing page or website and, through a malicious URL or file embedded in an email, induces the victim to enter account information.
Intentional information leakage is a method in which employees purposely leak corporate confidential information and/or employees’ personal information to external parties through business or personal email due to the absence of in-house security policies.
Unintentional information leakage can be caused by carelessness or negligence of internal employees. When users on an isolated internal network send emails with a large attachment to an external party, and the attached files contain the company’s crucial information or other employees’ personal information by mistake, serious information leakage can result.
Outbound email attacks generally begin after a user’s account is stolen. Through the stolen account, attackers randomly send follow-up emails that exploit the personal information of others found in the user’s inbound and outbound emails. Accounts related to attacked users can become secondary victims and later be reused in phishing attacks.
Unauthorized email server access is a method of outbound email attack where an attacker takes over an email server to gain control of it. The attacker may gain unauthorized access to the user’s company email account with the stolen account credentials. For example, once an email server is compromised, the attacker could retrieve users’ passwords, which may grant the attacker access to other hosts on the organization’s network.