Chapter 1. Brief on the risk

In phishing email attacks worldwide, Covid-19 is still an important topic. With the increasing availability of epidemic prevention material supplies in various countries and the transparency of news channels, attackers have begun to look for “hot issues” from other perspectives that may attract people’s attention.

With the impact of the pandemic, some companies have also begun to adjust their working systems, including the use of remote working. In this case, some companies need to notify every employee of the revised system and remote office network access methods. Naturally, attackers will not let go of this huge “opportunity”.

Consistent with the trend of real phishing attacks received internally by our company, external phishing attacks are gradually shifting from malicious links to malicious attachments. In order to prevent them from being intercepted by email security products or being checked and killed by anti-virus software on computers, more and more attackers are using a “multi-stage” attack mode, that is, malicious attachments in phishing emails only function for downloading and running malicious files. The actual malicious code is located in malicious files downloaded from the Internet.

In addition to new attack forms, attackers continue to innovate in attack technology. For example, in this quarter, attackers used new “zero font”, “hexadecimal IP address” and other methods to attack external users. In the third chapter of the report, the principles of these new attack techniques will also be discussed.