In an effort to stop the propagation of malware via email attachments, Microsoft has decided to ban 142 file extensions that they deem as “risky”, with 40 of them being added to the list recently. These file attachments are very often associated with the dropping of malware, so this new blocking action will help Outlook users enjoy some level of automated protection against them. Common examples include PowerShell code, Python scripts, digital certificates, and Javascript. Even if someone tries to send a genuinely benign file of this type, there will be no way to do it on Outlook.
Most organizations are already using different methods to share such types of files anyway, so the imposed blocks are not expected to affect or disrupt anyone’s procedures. That is anyone except malicious actors, who are sending malware to their targets. Should anyone try to send such attachments anyway, Outlook will display a warning message informing the recipient of the block, and of the fact that they are not allowed to download them, not even at their own risk. The forty extensions that have been added on the blacklist are the following:
Of course, Microsoft will not stop here. The tech giant promises to continue monitoring what file extensions emerge as risky, and will enrich their blacklist again in the future. This is a common practice among email service providers, and so the affected actors are trying to find new ways to keep their activities effectively.
As Proofpoint’s Q2 2019 Threat Report shows, the malware distribution campaigns are increasingly based on URLs in the messages instead of email attachments. These URLs are not blocked by email service providers, they stand better chances with AV tools, and the recipient is more likely to click on a link rather than to download and execute a file. This emerging trend is partly based on the increasingly more rigid protection measures that are incorporated into Outlook and other email software tools.
Check out our socials on Facebook and Twitter to see what else is on in the tech world. Also, if you want to share your thoughts on the above, you may do so in the comments down below.