Saturday, April 20, 2024

Threadkit, Formbook Exploit Old Microsoft Vulnerability shows an uptick: Skybox


E-mail messages are frequently sent over untrusted networks that are outside the organization’s security boundary. When these messages lack appropriate security safeguards, they can be read, copied, and modified at any point. In India alone, email marketing has been extensively utilized in the media, IT and telecom, retail/e-commerce, travel and leisure, and BFSI industries as the primary source of marketing for business expansion, customer retention and customer satisfaction.
As per the study, in 2016, the worldwide market for email marketing stood at US $4.51 billion. Expanding at a healthy CAGR of 19.60% between 2017 and 2025, this market is likely to touch US $22.16 billion by the end of 2025.

E-mail security relies on principles of good planning and management that provide for the security of both the e-mail system and the IT infrastructure. Without a proper security system, attackers can exploit email to gain control over the organization and access confidential information.

According to research, a file-hosting service registered within the last week is being used to spread information-stealing malware in another FormBook campaign, currently attacking retail and hospitality businesses both within and outside of the US.

Recently, in a blog post, researchers wrote, “As with many information stealing and credential harvesting malware, FormBook’s infection chain starts with a phishing Email containing a malicious attachment, which is generally an Office document or a PDF file.”

The vulnerability, first discovered and patched by Microsoft in July 2017, is now being exploited again by ThreadKit (an exploit kit popular among low-skilled attackers) via the Formbook malware (a data stealer and form grabber). This serves as a timely reminder of how important it is to install update patches when they’re released.

The origins of the vulnerability can be found all the way back in July 2017 when Microsoft published CVE-2017-8570, a high-severity code execution vulnerability in Office. Although Microsoft released a patch the same month, the vulnerability was still exploited in the wild. The first reported exploit came one month later, with a subsequent instance from ThreadKit following in March 2018. And now a third exploit has been spotted, one and a half years after the vulnerability was first published.
