Cyber Update: Malicious Document Downloads Are Surging

Research Shows Malicious Document Downloads Are Surging

Using malicious software—also called malware—to compromise a victim’s data or technology is one of the most common cyberattack methods. Malware is typically triggered by clicking on the deceptive links or dangerous attachments that often accompany phishing emails. In fact, recent research found that malicious document downloads are currently on the rise.

According to Netskope Threat Lab’s latest report, 40% of malware attacks have been deployed through the medium of harmful email attachments during 2021, representing a 20% rise over last year’s data. Specifically, these email attachments have been disguised as office documents—including Microsoft Office files, PDFs and Google Docs.

This rise in malicious document downloads is likely tied to cybercriminals taking advantage of shifting work arrangements during the ongoing COVID-19 pandemic. After all, the significant increase in remote operations over the past year has led to more employees relying on digital platforms (e.g., email and online messaging) to communicate with their co-workers.

With remote employees using virtual mediums to share important information and files, cybercriminals have been able to trick some of these workers into downloading malicious office documents via deceitful emails. For instance, a cybercriminal may impersonate a victim’s co-worker and email them a harmful file titled “Monthly Financial Report” in order to manipulate them into downloading it.

In light of this trend, it’s critical for employers to take the following steps to protect against malicious document downloads:

Educate employees on how to recognize and respond to phishing emails. In particular, workers should always verify the sender’s identity by double-checking their address before interacting with an email and avoid opening any attachments from unknown sources. Further, employees should report any suspicious email activity to the IT department.
Implement antivirus programs and endpoint detection and response systems on workplace technology to help minimize malware threats. Update this software regularly.
Install email security features (e.g., spam filters) to help prevent malicious messages from landing in employees’ inboxes altogether.

We are here to help.

If you’d like additional information and resources, we’re here to help you analyze your needs and make the right coverage decisions to protect your operations from unnecessary risk. You can download a free copy of our eBook, or if you’re ready make Cyber Liability Insurance a part of your insurance portfolio, Request a Proposal or download and get started on our Cyber & Data Breach Insurance Application and we’ll get to work for you.