Security Bite: iCloud Mail, Gmail and Others Are Shockingly Poor at Detecting Malware, Study Finds

Today's email security has many shortcomings. It is widely known that email service providers cannot prevent every suspicious email from being received. But new research from web browser security startup SquareX shows how little companies are doing to block malicious attachments and protect users.


After collecting 100 samples of malicious documents of different types, classified into four main groups, researchers found that popular email service providers lacked one basic security measure: scanning attachments.

It sounds like something from the early 2000s, but email attachments are still one of the main ways to infect a victim's computer with malware such as viruses, trojans and ransomware. These attacks continue to be lucrative avenues for cybercriminals for many reasons, mainly due to the growing popularity of ransomware.

Four categories of malicious documents were classified as follows:

  1. Original malicious documents from Malware Bazaar.
  2. Slightly modified malicious documents from Malware Bazaar, such as changes to metadata and file formats.
  3. Malicious documents modified using attack tools that have existed for many years.
  4. Basic documents with macro support that run programs on user devices.

As first reported by Forbes, the researchers attached the samples to emails and sent them via Proton Mail to iCloud Mail, Gmail, Outlook, Yahoo! Mail and AOL, which is part of the Yahoo! group. It is noteworthy that if the emails were successfully delivered, users may be vulnerable to any potential threat contained in these attachments.

The table below shows the results of sending 7 out of 100 malware samples to various email providers, indicating whether the malicious attachment was delivered. “If an email is not delivered, it is a sign that malware was detected while the email was being processed by the server,” according to the SquareX research.

The table shows which malware samples passed each email provider's scanners and were successfully delivered (via SquareX)


Investing in strong email security features may seem like an obviously important part of protecting your users. However, Ian Thornton-Trump, chief information security officer at threat intelligence solutions company Cyjax, told Forbes: “It's like asking the free Wi-Fi at Starbucks why they don't block more or all cyberattacks.” He went on to explain that it's difficult to balance “free” and “secure” in one sentence.

Thornton-Trump argues that adding advanced email security features “can be very problematic due to false positives, which may include the use of technical support resources for assistance or correction – such an expense on millions of users of a free platform may not be commercially sustainable.”

Moreover, others argue that email service providers are dragging their feet on something that could cost significant resources and impact their profits.

What do you think? Let us know in the comments below.
