Skip to main content
close search
site logo
Dive Brief

New Zip file phishing trend threatens cybersecurity

Published Oct. 31, 2022
Elizabeth Flood's headshot
Elizabeth Flood Staff Reporter
Sean Gallup via Getty Images

Dive Brief:

  • Password-protected Zip files were the third most common format used by cybercriminals to conceal malware in the first half of this year, according to research released Oct. 20 from Trustwave — a cybersecurity and managed security services provider. 
  • Most (98%) of “the compromises and breaches that we see get their initial foothold from a phishing email,” said Karl Sigler, senior security research manager at Trustwave in an interview with CFO Dive. Emails using the infected Zip files are even getting through organizations that have security awareness training in place, he said.
  • Even though it’s a password-protected file you don’t have to provide a password, he said. That means cyber attackers don’t have to convince the target to open something with a password, which is a big challenge for cybercriminals, according to the research. 

Dive Insight:

Cybersecurity has become a major concern for CFOs, with 35% saying that it is among their top concerns, according to a recent Jefferson Wells survey. This new trend is one that finance executives need to be especially wary of, according to Sigler. 

“This specific trend is really interesting,” said Sigler. “We really haven’t seen that much of it before.” 

More broadly, Sigler said it is important for executives to stay up to date on these trends and continue to evolve security awareness training programs. 

“I think it’s critical for the C-suite members in general to work together in order to be well-equipped to combat these attacks,” said Sigler. “In order for a chief technology officer and chief information officer to do their job properly, they have to be able to understand the business objectives of an organization,” he said. 

In turn, it is imperative that CFOs understand the financial impacts that these cyber attacks can have on an organization, “which a lot of them don’t,” said Sigler. 

A cyber breach of insurance, for example, can surprise CFOs, he said. Many times finance executives think they have the right infrastrucure in place to avoid attacks, but if it is not updated, that is when organizations are most vulnerable.  

“They think they are protected, or they think if something did get through they would be able to recover relatively quickly, and that often doesn't happen,” said Sigler.

If not taken seriously, these attacks can change the entire course of an organization. “My wife's company that she worked for basically collapsed. They had to file bankruptcy and close the business because they were unable to recover all the data that was compromised. If you are not prepared for these attacks, they can become a coffin for the entire business,” said Sigler.

Editors' picks

Company Announcements

View all | Post a press release
Cybrid Responds to Market Demand for Stable, Efficient Cross-Border Payments with Enhanced Sta…
From Cybrid
November 20, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Strategy & Operations
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell