Threat Focus: Why is the Blank Slate Malspam Still a Threat?

Organizations use email every day to send and receive information, track activities and carry out other essential tasks. However, this communication method isn’t as safe as users might believe. Email is currently the number one delivery vehicle for malware, ransomware and other malicious breach techniques. Hackers can send out an infinite number of emails to a large number of people in the hopes that one will hit and be downloaded onto a company network.

Malware-laden emails, ads and websites are nothing new, but they are still persistent even among today’s modern strains. Blank Slate Malspam, for example, is still going strong, even though it should have been recognized and eradicated long ago. Let’s take a look at why Blank Slate Malspam continues to be a threat and what organizations can do to avoid similar risks.

The Journey of Blank Slate Malspam

Blank Slate Malspam has been active since 2016, and its techniques have proven successful enough to keep it running continually. The phishing campaign is simple compared to others: It leaves the subject vague or empty, sends the body of the email blank and includes a zip archive of malicious attachments for users to download. It is geared toward infecting Microsoft Windows computers, using malware-laden Microsoft Word or JavaScript documents.
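The three traits described above can be checked mechanically at a mail gateway or during triage. The following is an added example, not code from any vendor or researcher cited in this article; the function names, the extension list and the rule for what counts as a "vague" subject are assumptions, and the sample messages are constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# File types the article names: Word and JavaScript documents (assumed extension list).
RISKY_EXT = (".js", ".jse", ".doc", ".docm", ".docx")

def blank_slate_indicators(raw):
    """Return which Blank Slate traits one raw RFC 5322 message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = (msg["Subject"] or "").strip()
    # Assumed heuristic for "vague": empty, or a single token containing digits.
    if not subject or (" " not in subject and any(c.isdigit() for c in subject)):
        hits.append("vague_or_empty_subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        hits.append("blank_body")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]  # names only, nothing extracted
        except zipfile.BadZipFile:
            continue
        if any(n.endswith(RISKY_EXT) for n in names):
            hits.append("zip_with_word_or_js")
            break
    return hits

def make_sample(subject, body, inner_name):
    """Build a constructed test message; the zip member is a harmless text stub."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content(body)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, "placeholder")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="attachment.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(blank_slate_indicators(make_sample("48213", "\n", "48213.js")))
    print(blank_slate_indicators(make_sample("Q3 budget notes", "Notes attached.\n", "notes.txt")))
```

A message that shows all three traits at once is a strong candidate for quarantine; any single trait alone is common in legitimate mail and should only raise the score.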


More recent Blank Slate emails have come with a message warning that Microsoft has detected suspicious activity on their accounts, instructing the recipients to download attached documents for further directions, Tripwire reported. The email addresses on the messages are spoofed from a botnet consisting of numerous compromised hosts across the globe. According to SC Magazine, while some hosts were initially spotted and removed, Blank Slate attackers had replacement hosts ready to go.

Once people receive the email, they must ignore security warnings and open the zip archive as well as manually extract and enable included files. This is a lot of effort for users to go through, and they might end up canceling the download, but the research firm that first discovered Blank Slate has found that the technique clearly works. Sending a blank message is cheaper and easier than a social engineering text, and setting up new hosting provider accounts is often inexpensive, enabling the scam to live on without much investment from the hacker side. In addition, Blank Slate emails have been identified carrying Cerber or GlobeImposter ransomware, enabling attackers to lock down user assets and demand money to restore them.


Why Are People Still Becoming Victims?

When you receive a fishy-looking email with an odd address, a vague subject, a blank body and a zipped attachment, warning bells should immediately ring in your head. These are telltale indicators that have been warned about for decades now. With such a suspicious means of delivery and the work necessary to download the malicious files, why are people still falling for the oldest tricks in the book?

Part of the answer might simply come down to sheer curiosity. Subject lines might contain random numbers and letters to make users wonder what’s inside the message. If recipients get the fake Microsoft message, they might be inclined to click it and follow the instructions. Users must remember that curiosity killed the cat, and that unusual emails can certainly mean trouble for the business and their sensitive data.

Human error and lack of awareness are by far the most common reasons why breaches happen, and your own employees are responsible for these attacks. Verizon’s “2017 Data Breach Investigations Report” found that 1 in 14 users are still being tricked into following malicious links and opening attachments, and 25 percent of these victims are fooled more than once. Organizations are still relying on outdated defenses and aren’t educating their employees enough on the threats that phishing attacks pose. In fact, 95 percent of phishing methods that led to successful breaches included a software installation element.

Adopting a Prevention-centric Approach

Business leaders fall into the habit of assuming that a breach won’t happen to them and that they have all of the basics covered. However, employees may still be using weak or guessable passwords and are being tricked into clicking on malicious links. Security is becoming everyone’s responsibility and prevention-centric approaches will be important to eliminating risks.

Organizations must train staff to accurately spot warning signs of a phishing attempt as well as other threats. Protocols for reporting a malspam or phishing email are necessary to alert other employees and prevent breaches. Using layered security measures that combine automated maintenance, application control, system usage monitoring and endpoint configuration persistence is an effective way to tackle a breach. With these tools, business leaders can quickly identify unusual behavior and contain it before it causes any damage. Blank Slate Malspam is still a threat to businesses, but with the right training programs and security protocols, it can be effectively thwarted.

Suzannah Hastings

Suzannah is interested in all things digital, from software security to the latest technological advances. She writes about ways in which the increasingly internet-driven landscape changes our lives, and what we can expect in the future.