New Gmail And Outlook Email Security Alert—Infostealer Malware Warning

Not all hacks are highly technical, honed from labs research affairs, most are just the opposite, relying upon human frailties and the persuasiveness of the attacker. Email is, perhaps, the biggest threat vector out there, and users of Gmail and Outlook on the Windows platform have just been handed a stark reminder of this. Here’s what you need to know.

ForbesHackers Are Getting Faster—48 Minutes And You’re CookedBy Davey Winder

Gmail And Outlook Email Users In The Hacker Crosshairs

A new threat analysis from the threat intelligence experts at VIPRE has studied more than seven billion emails processed across 2024 and uncovered a disturbing result if you are a user of either of the two most significant email services on the Windows platform.

The majority of the malware that VIPRE analyzed in the final quarter of 2024, the report said, came in the form of info stealers and remote access trojans. Both attack methodologies are designed to gain control of your device and access sensitive data, including passwords. In and of itself, this isn’t particularly surprising given that initial access brokers will pay well for credentials stolen in this way, and such malware is also used as the basis for many a ransomware attack, which remains the most profitable to criminal gangs. What was surprising, however, is that all this email-based malware was aimed at Windows users. All. Of.It.

When it came to deploying this malware, of course, that old favorite of phishing rose to the top of the malicious pops. Hackers used a myriad of phishing tactics with links, at 70%, way out in front. This was followed by attachments at 25% and QR codes at just 5%. Regarding those phishing links, VIPRE said, “URL redirection was the most employed tactic at 51%, followed by compromised websites (19%) and newly created domains at 7%.”

ForbesHow To Get Windows 11 For Free Before Windows 10 Support EndsBy Davey Winder

Mitigating The Gmail And Outlook Infostealer Attack Threat

“This annual email landscape analysis provides valuable insight into the cybersecurity threats that will challenge businesses in 2025,” Usman Choudhary, chief product and technology officer, at VIPRE Security Group, said, “to counter the increasingly automated and AI-enhanced email-based threats, organizations need to implement robust email security technologies and foster a culture of highly vigilant security awareness among employees, in equal measure.”

Microsoft has said that “all Outlook.com users benefit from spam and malware filtering. For Microsoft 365 Family and Microsoft 365 Personal subscribers, Outlook.com performs extra screening of the attachments and links in messages you receive.”

Ssenior director of product management for Gmail, Andy Wen, said, “we developed several ground-breaking AI models that significantly strengthened Gmail cyber-defenses, including a new large language model that we trained on phishing, malware and spam.” This helped to block 20% more spam than previous protections by identifying malicious patterns more accurately.

ForbesGmail Wants Your Phone Number—What You Need To Know And DoBy Davey Winder

Follow me on Twitter or LinkedIn. Check out my website or some of my other work here.