Hello and welcome to the Thursday, January 4, 2024 edition of the Sansonet Storm Center's

Stormcast. My name is Johannes Ulrich, and the time I'm recording from Jacksonville, Florida.

Jan today published a little bit a year in review post, summarizing some of the malicious

emails that he collected in his spam trap.

Now, one thing he points out is that the range of sizes of the malicious files is quite large

from about a kilobyte all the way up to a couple hundred megabytes.

We talk about some of these sort of excessive, large, malicious files that apparently

are attempting to bypass.

Some controls where anti-malibur only looks at files up to a particular size.

Other interesting findings here is, first of all, a lot of just simple PE files.

So standard executables, yes, with different extensions and such, but something that should

be pretty easy to detect, but also then a bunch of scripts, office files, PDFs, and

the like.

So what you typically see in malicious spam.

I think one important thing to remember is not to overthink what attackers may be attempting

with a particular sort of evasion method or what they're trying to accomplish.

Remember, attacks don't always have to work. They don't have

sort of a 5-9 SLA or something like this. An attacker often will just basically take a shotgun

approach where they try different tricks and hope that, well, one of their emails will make it.

But I think one lesson here to also remember

is that it's not that difficult

to really get rid of a large percentage

...