Status of Today’s Email as a Malware Vector

Email has been in use since 1971, as developed by Ray Tomlinson, the person responsible with defining the “@” symbol that separates the domain name from the user’s email name. Even after 37 years, there is no doubt that email will continue to grow, in fact in there is an observation that 333 billion emails will be sent on the year 2022. The difficult fact to swallow is more than half of it surely will just be junk emails, AKA Spam. This stats plus more are published by Radicati in their Email Statistics Report 2018-2022.

With the weakness of the email system, especially the lack of security barriers when dealing with attachments, the main vector of malware since time immemorial. It is very easy to open a malicious attachment, as the security for blocking the user from opening it in the first place squarely rest on the shoulders of the email clients.

“Email remains the most pervasive form of communication, while other technologies such as social networking, instant messaging (IM), chat, mobile IM, and others are also taking hold, email is still the most ubiquitous form of business communication. In addition, email is integral to the overall Internet experience as an email account (i.e. email address) is required to sign up to any online activity, including social networking sites, instant messaging and any other kind of account or presence on the Internet,” explained by the report.

With the ubiquitous nature of web-based emails like Gmail, Outlook.com and the old but still popular Yahoomail, more email accounts will get created. “The number of worldwide email accounts continues to grow at a faster pace than the number of worldwide email users. In 2018, the average number of email accounts per user ratio is about 1.75 accounts per user. By 2022, the email accounts per user ratio will reach 1.86 accounts per user. Growth is particularly strong with Consumer email accounts since many consumers tend to have multiple email accounts for different purposes (e.g. shopping vs. friends and family),” added the report.

It is in the hands of the individual and the organization using the email provider of their choice and the email client of their choice to secure the parameters of the system. Each antimalware is created with different types of users in mind, some are there to mine cryptocurrency in the background, while others are very visible like ransomware.

All types of malware can be launched through email, using a malicious attachment or malicious website link. With many users and computers still keeping an old version of the web browser installed, the surface attack area is expanded in a wider level. The moment the user accidentally clicked a malicious link from an email message, the default browser will attempt to open the link. If that same browser is old enough, it will still contain unpatched vulnerabilities that the malicious website can take advantage of.

“Protecting against malware remains a key concern for organizations of all sizes. Malware is increasingly complex and requires organizations to keep pace by investing in highly sophisticated anti-malware protection suites. The most common types of malware attacks are blended attacks, which may combine two or more methods of delivery, such as email and Web access, to spread malware to an organization’s internal network. Blended attacks often occur through email, or involve the use email in some way, for instance, an email itself may not contain any malware, but instead, it might provide a link to a website that contains malware,” concluded the report.