How to Isolate Malicious Email Attachments from Your Network

Employees routinely work with email attachments—reading resumes, processing invoices, receiving delivery notifications, sharing financial statements, or collaborating on legal agreements with outside parties—and they often open them because they look safe. Cybercriminals are well aware of this vulnerability, and they exploit it.

Today’s ransomware is commonly delivered via weaponized Microsoft Office documents or PDFs that are sent through email. Cybercriminals do this because it works. According to ransomware statistics from 2019, organizations lost more than $7.5 billion due to ransomware attacks.¹

Legitimate applications—many expressly whitelisted including the Microsoft Office Suite—can also be exploited to bypass layered defenses and gain an organizational foothold from a single compromised host.

Despite promising advancements in malware detection, steady improvements in secure email gateways, and an increase in user awareness training, malicious email attachments are still making it past all defenses, leading to data breach, loss, and even destruction.

Today’s sophisticated, email-borne malware simply overwhelms traditional detect-to-protect defenses.

The numbers are in:

• Over 90 percent of malicious mail attachments have polymorphic capabilities.²
• 53% of viruses spread by .exe files³, 46% of hackers disseminating malware deliver it almost exclusively through email.³

Here’s what’s working for cybercriminals today:

• Ransomware: Encrypts the data on a victim’s PC with a symmetric key, forcing the victim to pay the ransom or reimage the machine. It is prevalent and primarily delivered via malicious documents.
• Macro-enabled trojans: Drop malicious binaries onto the host which then establishes communication with remote command-and-control servers for additional instructions and download additional malicious code.
• Fileless malware: Abuses tools such as PowerShell to execute commands without dropping any files on the host.
• Malicious links: Hiding in benign email attachments, these malicious links easily slip through layered defenses and result in a drive-by download or a browser exploit.

Give users a virtual safety net from known and unknown threats by isolating high-risk content, plus actionable insights to help strengthen organizational security posture. Using virtualization-based security, HP Sure Click Enterprise⁴ opens email attachments—such as Microsoft Office documents and PDFs—in an isolated micro-VM. Malware can launch and run but it never has access to the endpoint or the network. Malware is essentially trapped inside the micro-VM container, rendering it harmless to the user, and is disposed of when the user closes the email attachment.

Enabling malware to execute fully changes help desk culture: end-users take pride in reporting a malware capture instead of complaining about IT security constraints.

Learn more at https://www.hp.com/enterprisesecurity

¹ 22 Shocking Ransomware Statistics for Cybersecurity in 2021 (2019) – SafeAtLast.co

² Top 10 Email Malware Threats | eSecurity Planet /

³ A Not-So-Common Cold: Malware Statistics in 2021 | DataProt

⁴ HP Sure Click Enterprise is sold separately and requires Windows 8 or 10 and Microsoft Internet Explorer, Google Chrome, Chromium or Firefox are supported. Supported attachments include Microsoft Office (Word, Excel, PowerPoint) and PDF files, when Microsoft Office or Adobe Acrobat are installed.