Singapore – While email providers such as Gmail and Outlook showed basic detection capabilities in identifying unmodified malicious document samples, recent study by browser security startup SquareX found that they struggle to identify modified malicious documents manipulated with readily accessible attack tools.
The findings of the report showed that the widespread dependence on email services for secure communication raised crucial questions on the effectiveness of relying on existing email security measures.
With cyber threats becoming increasingly sophisticated, it was further observed that email providers seem unprepared to detect and intercept these emerging threats, leaving users vulnerable to exploitation.
Addressing the security gap, on the other hand, SquareX has launched an advanced in-browser malicious document scanning feature as part of its browser extension in beta.
This move underscores the company’s commitment to enhancing web safety and encourages other companies to collaborate in safeguarding users and enterprises from cyber-attacks.
Vivek Ramachandran, founder and chief executive officer at SquareX, said, “The inadvertent discovery of this significant lapse in email security during our product enhancement process was startling.”
“Our intention in making these findings public is to ignite a dialogue on the urgent need for reinforced security measures and encourage email providers to either elevate their security protocols or transparently acknowledge their current limitations,” he further explained.
The study conducted involved the analysis of 100 malicious document samples which were categorised into four samples namely: (1) original malicious document samples from MalwareBazaar; (2) slightly altered malicious document samples from MalwareBazaar, such as changes in metadata and file formats; (3) malicious document samples modified using attack tools that have existed for many years; and (4) basic Macro-enabled documents that execute programs on user devices.
