Phishing awareness training: What your employees should know

Phishing or social engineering attacks are the number one cyber threat to business networks. Recent studies show that 90% of attacks are triggered by phishing. Innocent mistakes can expose vast amounts of confidential data, risking regulatory action and reputational disaster.

The problem with phishing is that tech solutions are never completely effective. Phishers exploit human nature, convincing users to make unsafe decisions. The only effective response is phishing awareness training.

Poorly trained workforces will eventually put your data at risk. But if you follow the guidance below, you will be well-prepared to handle social engineering attacks.

Key takeaways

  • Phishing involves using emails to persuade readers to make dangerous decisions. Links and attachments direct users to malicious websites, putting data and network assets at risk.

  • Companies can only combat phishing by training employees to identify suspicious emails. This is harder than it sounds. Phishing emails resemble authentic messages and use sophisticated techniques to fool targets.

  • Proper training prepares employees to assess subject lines, email addresses, links, and body text. Training covers every aspect of phishing attacks, enabling users to report threats before they compromise your network.

  • Implementing continuous phishing awareness training is key. Employees must refresh their knowledge and participate in phishing simulations. Employers, on the other hand, should create easy-to-use reporting processes.

  • Combining awareness training with cybersecurity technology mitigates most phishing attacks. Threat detection tools, email encryption, and VPNs strengthen your network defenses. They contain malicious threats when phishing training fails.

Phishing: What your employees need to know

There are two main reasons phishing leads to data breaches and other cyber-attacks: poor security infrastructure and lack of phishing awareness.

Robust protection is vital, but it won’t work if employees ignore phishing risks and expose critical data. Safeguarding apps and data requires constantly updated phishing awareness training. Let’s explore what building an effective human firewall entails and how to create effective training materials.

What is phishing

1. Phishing is illegal

The first thing to stress is that phishing scams are always illegal. Successful or not, phishers commit criminal acts, and it’s important to report phishing attacks to the authorities.

Phishing breaches both the Computer Fraud and Abuse Act (CFAA) and legislation against wire fraud. Successful attacks also breach identity theft laws. Phishing isn’t a minor offense, and employees should understand its severity.

Even so, laws do not specifically outlaw phishing—just successful cyber-attacks involving phishing. It’s still legal to email people asking for information. Tricking people with deceptive language is also legal. If not, sending jokes via email would effectively be criminalized.

Phishing differs because attackers trick users into sharing financial or confidential information for personal gain. Keep that definition in mind when delivering security awareness training.

2. Never trust email addresses alone

Phishers are experts in deception. Every aspect of their emails is potentially fake. However, victims sometimes forget this. They see what appear to be legitimate email addresses and assume the content is safe.

That’s a common and dangerous mistake. A phishing attack often starts by using spoofing to imitate legitimate email addresses.

Spoofed email addresses superficially resemble authentic Amazon or Microsoft addresses. If you look more closely, the underlying email address has nothing to do with those companies. This method is also known as display name spoofing. Every employee must be able to spot it 100% of the time.

There’s another aspect to display name spoofing. Email apps on some mobile devices do not show the sender’s address unless users expand the user name. That’s why you must train remote workers to use all devices securely – not just work laptops.

Spoofers can also take another approach known as cousin domain spoofing. This technique creates email domains that closely resemble authentic domains but have tiny differences.

Sometimes, this could be a fake extension like “Cisco-customerservice”. Sometimes, phishers add a different domain name or a string of numbers that shouldn’t be there. These discrepancies are never easy to spot.

Employees must concentrate and check every address for anomalies. Test their skills regularly, as concentration tends to lapse after a few months.
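The two sender checks described above can also be automated as a triage aid for reported emails. The following Python sketch is an added example, not code from NordLayer; the brand list, the edit-distance thresholds and the sample headers in the final lines are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: brands this organisation receives mail from, mapped to the
# domains those brands really send from. Replace with your own list.
TRUSTED_BRANDS = {
    "amazon": {"amazon.com"},
    "microsoft": {"microsoft.com"},
    "cisco": {"cisco.com"},
}

def registrable_domain(host):
    """Naive last-two-labels reduction (assumption: no multi-part TLDs like .co.uk)."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of (finding, detail) tuples for one From: header value."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return [("unparseable", from_header)]
    host = address.rsplit("@", 1)[1].lower().rstrip(".")
    domain = registrable_domain(host)
    label = domain.split(".")[0]
    findings = []
    for brand, real_domains in TRUSTED_BRANDS.items():
        if domain in real_domains:
            continue  # the address really is at this brand's domain
        # Display name spoofing: the name claims a brand, the address is elsewhere.
        if re.search(rf"\b{re.escape(brand)}\b", display, re.IGNORECASE):
            findings.append(("display-name-spoof",
                             f"name says {brand!r} but address is at {domain}"))
        # Cousin domain: brand embedded in the host (extra words, digits, subdomains)
        # or a near-miss spelling of the brand in the registrable label.
        limit = 2 if len(brand) >= 6 else 1  # assumption: tighter limit for short names
        if brand in host or edit_distance(label, brand) <= limit:
            findings.append(("cousin-domain", f"{host} imitates {brand!r}"))
    return findings

if __name__ == "__main__":
    # Constructed sample headers, not taken from real messages.
    for header in ('"Amazon Support" <billing@secure-pay.example>',
                   '"IT Helpdesk" <support@cisco-customerservice.example>',
                   '"Microsoft Account Team" <no-reply@rnicrosoft.com>',
                   '"Amazon" <order-update@amazon.com>'):
        print(header, "->", check_sender(header))
```

A clean result only means these two heuristics found nothing; the message still needs the subject, body and link checks covered in the following sections.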

3. Look for suspicious subject lines and content

Subject lines and body text are also red flags when detecting phishing campaigns.

Phishers often use subject lines to grab attention. For instance, attackers might spoof an actual SaaS provider notifying you about rejected invoices. Or they could target executives with extravagant recruiting promises.

Subject lines may use fear and anxiety. Or they could arouse curiosity. When these methods work, users drop their natural caution and may click links or respond to other parts of the email.

Train employees to treat emails with threatening or excessively positive subject lines cautiously. These subject lines don’t automatically indicate a phishing threat. But employees should treat the attached emails as suspicious messages.

Body text is another critical issue for phishing awareness training. The tone of the email is the first area to check. A threatening tone is always a phishing red flag.

For example, phishers want readers to click dangerous links and threaten dire consequences if users don’t click the link. Real-world clients or companies rarely communicate like that. The same applies to sudden emails about locked accounts or credit card problems.

Don’t rely on common sense. When creating phishing training materials, add real-world examples of suspicious emails. Highlight how phishers use language and tone, giving employees enough information to make informed judgments.

Remember: phishers can spoof any part of an email message. This applies to embedded links as much as email addresses.

Links are a crucial training theme because malicious links almost always appear in social engineering emails. Phishers try to funnel victims to malicious sites where users hand over information or download malware. Identifying these sites is essential.

If a phishing email is well-written, malicious links look fine. They may resemble links to payment portals or accounting apps. Readers can only see the destination URL by hovering their cursor over the link text.

Check links thoroughly before clicking. Look for suspicious URL formats and shortened URLs. Make sure employees use virtual private gateways with DNS Filtering configured and Threat Block enabled. These NordLayer features ensure employees can access only secure web content by restricting access to potentially malicious websites.
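The hover check can be reproduced on a reported message by comparing each link's visible text with its real destination. The Python sketch below is an added example, not part of NordLayer's tooling; the shortener list, the choice of "suspicious URL format" signals (IP-literal hosts, credentials in the URL) and the sample HTML body are assumptions made for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a small sample of well-known URL shortening services.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def shown_host(text):
    """Host the visible text claims to point at, if the text looks like a URL or domain."""
    m = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
    return m.group(1) if m else None

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_links(html_body):
    """Return [(href, [flags])] for every link; an empty flag list means nothing was found."""
    parser = LinkCollector()
    parser.feed(html_body)
    report = []
    for href, text in parser.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        flags = []
        claimed = shown_host(text)
        # What the reader sees differs from where the click actually goes.
        if claimed and claimed != host and not host.endswith("." + claimed):
            flags.append("text-destination-mismatch")
        if host in SHORTENERS:
            flags.append("shortened-url")      # real destination is hidden
        if is_ip(host):
            flags.append("ip-literal-host")    # raw IP address instead of a name
        if "@" in parts.netloc:
            flags.append("userinfo-in-url")    # text before '@' is not the host
        report.append((href, flags))
    return report

# Constructed sample body, not taken from a real message.
SAMPLE_BODY = """
<p>Your invoice was rejected.
<a href="http://billing-update.example/login">https://portal.payments.example/invoices</a></p>
<p><a href="https://bit.ly/3xAmPle">View document</a></p>
<p><a href="http://203.0.113.7/verify">Confirm account</a></p>
<p><a href="https://intranet.corp.example/handbook">Staff handbook</a></p>
"""

if __name__ == "__main__":
    for href, flags in audit_links(SAMPLE_BODY):
        print(href, flags or "no findings")
```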

5. Exercise caution with attachments

Email attachments are just as dangerous as links—maybe more so if your employees regularly exchange documents and files via email.

Phishers prefer adding attachments to emails as attachments tend to bypass spam filters. They can add a phishing link to PDF documents or spreadsheets without worrying about interception.

Skilled phishers use this to their advantage. They turn attachments into a form of social proof, persuading readers they need to access something valuable and useful.

When training employees, stress that all attachments are suspicious. The best phishing emails are careful to make other parts of the email convincing. Even plausible messages from seemingly trusted organizations could be malicious.

Teach employees to check attachment links. If they aren’t sure, recommend users report the attachment to a security team member. It’s always better to be safe than sorry.

6. Understand the risks of personal phishing attacks

Understanding personalization is another core part of an effective phishing awareness training program.

The reason for this is simple. As phishing becomes more complex, attackers are launching personalized phishing scams. Even highly qualified individuals can be caught off-guard. The success of a social engineering attack largely depends on context and personal relevance.

Instead of generic greetings, attackers are using contextual data. AI and automation tools enable hackers to profile targets and pose as authentic email senders. Employees need better security awareness in general (to protect their personal information) and when reading emails (to detect small false details).

It’s also vital to deliver additional training for high-ranking individuals and administrators.

Targeted training helps combat whaling and spear phishing attacks that leverage information about senior employees. These individuals often have greater access to sensitive information and privileges to share it—a dangerous combination that bad actors often exploit.

7. Appearances are deceptive as cybercriminals copy corporate branding

When you read emails from major companies, branded graphics and layout style are often the first things you notice. Companies use consistent visuals and templates to deliver legitimate messages, but phishing emails can copy all of this.

Train employees not to be fooled by slick logos. Look for minor imperfections in the email’s presentation. Phishers often slightly change logos to work around spam filters.

Be wary of images as well. Phishers embed links beneath photos (and elements like QR codes), another way to evade filters. Genuine senders rarely do this, preferring transparent and secure links. Treat image links as potential red flags wherever they appear.

8. Update your knowledge: Phishers are becoming more sophisticated

Tomorrow’s phishing attempts will be more sophisticated. Detecting them will be increasingly challenging. You can be sure of that. Attackers constantly seek ways to avoid filters and fool their targets. Phishing awareness training should evolve with new techniques.

Above all else, security officers should research emerging techniques and prepare for emerging phishing campaigns. Also, creating a comprehensive strategy that includes education, vigilance, and technology works best when it comes to preventing phishing attacks.

Phishing attack trends

Threat actors are using artificial intelligence to generate more accurate messages. They also run multi-channel attacks, which use two or more communication platforms. Microsoft Teams is the most common second step, followed by Slack and SMS. Security teams must up their game and outpace their adversaries.

How to implement phishing awareness training

Understanding what employees need to know is a good start. It’s vital to put that knowledge into practice with effective phishing training. Here are some tips about how to do so:

  • Implement continuous phishing training with annual updates and testing exercises. Don’t rely on onboarding training. Knowledge and attention erode over time.

  • If you have the resources, run simulated phishing campaigns and war game potential scenarios with cybersecurity tabletop exercises.

  • Include key stakeholders in training scenarios. Everyone, from new hires to veteran executives, plays a role in detecting phishing attempts.

  • Ensure you have a reporting system to pick up alerts from the front line. Employees should be able to instantly report suspicious emails without disrupting their workflows.

  • Provide immediate feedback when an employee clicks on a phishing email. Gentle guidance reinforces training on the spot, and there’s usually no need for disciplinary procedures.

  • Audit your phishing training program regularly. Record phishing incidents and identify areas to improve.

How can NordLayer help?

At NordLayer, we want every company to guard against phishing attacks, and we offer a range of solutions to make that happen.

Firstly, check out our recent article on data breaches. It’s a great introduction to the main attack techniques and data breach risks. When you’re up to speed, use our security tools to make awareness training even more effective.

Multi-factor authentication (MFA) helps ensure cybercriminals won’t get far with stolen credentials alone. Threat protection based on Zero Trust Network Access verifies every user and device before they are given access to your network.

NordLayer also offers solutions that help prevent phishing. Threat Prevention identifies and blocks potential threats, protecting your devices and important data from phishing scams.

Security technologies alone won’t stop every phishing attack. Combining NordLayer’s security tools with phishing awareness training will put you in the best possible position. Get in touch today and find out how to reduce your phishing risks.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Enhancing Multi-Cloud Management Across Azure, Anthos, and the Edge with SC//Platform

Too many IT leaders have learned the hard way that putting all of their IT eggs in one cloud can be a literal recipe for disaster — which is why more and more organizations are increasingly adopting multi-cloud strategies to diversify their risk exposure, enhance resilience, and leverage the unique strengths of different cloud providers. This approach not only helps to avoid vendor lock-in, but also ensures that critical applications and data remain available even if one cloud service experiences disruptions. While the utilization of multiple cloud environments offers numerous benefits, managing these different cloud environments comes with its own challenges.

At Scale Computing, we understand the complexities of multi-cloud environments and are committed to providing solutions that simplify and enhance cloud management. At last year’s Platform//2024 event in Las Vegas, Scale Computing’s Dave Demlow, VP of Product Strategy, and Craig Theriac, VP of Product Management, took the stage to discuss multi-cloud management with the SC//Platform. In this post, we’ll recap their presentation and show you how SC//Platform’s seamless integration with major cloud providers, including Microsoft Azure, Google Anthos, and Amazon Web Services (AWS), can dramatically improve the efficiency and resilience of your IT infrastructure.

Managing Multi-Cloud

A multi-cloud strategy involves distributing workloads across various cloud service providers. In doing so, organizations can mitigate the risk of service outages and ensure business continuity. A multi-cloud strategy also enables increased flexibility and cost optimization, allowing organizations to cherry-pick services across different platforms that best align with their specific needs. However, a multi-cloud approach does come with increased complexities. Coordinating workloads across diverse cloud environments demands sophisticated management and orchestration tools. Ensuring consistent security policies, compliance standards, and governance across different cloud environments can also be more challenging. Further, the potential for increased operational complexity and the need for skilled personnel can lead to higher operational costs. To fully realize the benefits of a multi-cloud strategy, businesses must find a way to successfully navigate these challenges.

Streamlining Multi-Cloud Management with Scale Computing Platform

SC//Platform delivers cloud-like simplicity, high availability, and scalability integrated within a self-healing platform for autonomously running applications in remote data centers or at the edge of your network closest to where data is being generated. The solution consists of SC//HyperCore, a complete software stack for on-premises autonomous IT infrastructure management, and SC//Fleet Manager, which provides centralized monitoring, management, and orchestration of your remote environments, ensuring consistent performance across all sites with minimal human intervention.

SC//Platform offers a comprehensive edge solution for managing and deploying resources across multi-cloud environments. Designed to simplify management, it ensures that your IT services, whether at the edge or in the cloud, work harmoniously together. Here’s how SC//Platform improves multi-cloud management:

Unified Management Across Cloud Providers

  • SC//Platform seamlessly integrates with major cloud providers, including Microsoft Azure, Google Anthos, and AWS. This integration allows organizations to manage on-premises and cloud-based resources from a single interface, simplifying operations and improving visibility across their entire infrastructure.

Enhanced Edge Computing Capabilities

  • SC//Platform extends its capabilities to edge computing environments, providing a unified approach to managing edge devices alongside traditional data centers and cloud resources. This integration ensures consistent performance and management practices across all layers of the IT spectrum.

Flexible Application Deployment

  • Scale Computing supports a range of applications, from legacy virtual machines to modern containerized applications, enabling organizations to deploy and manage diverse application types within and across multi-cloud environments.

Robust Integration with Microsoft Azure

  • SC//Platform integrates seamlessly with Microsoft Azure’s extensive suite of services, enabling centralized management of on-premises resources through Azure Arc. This includes capabilities for managing Windows and Linux workloads, containerized applications, and leveraging Azure’s cloud services for disaster recovery, backup, and storage.

Comprehensive Support for Google Anthos and AWS

  • For Google Anthos users, SC//Platform supports the deployment and management of Kubernetes clusters, providing a consistent experience regardless of whether infrastructure is hosted on-premises or in the cloud. With AWS, Scale Computing facilitates integration with AWS Systems Manager and ECS Anywhere, enabling efficient remote management and deployment of containerized applications.

Integration With Major Cloud Providers

Microsoft Azure

  • Azure Arc Integration: Manage on-premises and cloud resources from a single Azure console, including centralized updates, monitoring, and security policies.
  • Azure File Sync: Extend local storage capabilities to the cloud, providing scalable storage solutions and improved data access.
  • Azure IoT Edge: Deploy and manage IoT solutions at the edge, integrating with Azure’s cloud services for data processing and analysis.
  • Azure Entra ID: Single sign-on and role-based access control.

Google Anthos

  • Managed Kubernetes: Deploy and manage Kubernetes clusters on-premises with Google Anthos, benefiting from Google’s managed services and updates while maintaining local control. On SC//HyperCore based fleets, users can deploy applications and change configurations from SC//Platform’s centralized, cloud-based interface. Developers retain the standard Kubernetes API interface and can direct commands and APIs at Google across multiple clusters, regardless of their physical location.

Amazon Web Services

  • AWS Systems Manager: Centralize management of on-premises systems and applications, leveraging automation and monitoring capabilities.
  • ECS Anywhere: Deploy and manage containerized applications across various environments, including edge locations.
  • AWS Storage Gateway: Integrate on-premises storage with AWS, utilizing cloud storage for archiving and data synchronization.

About Scale Computing 
Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Scale Computing HC3 software eliminates the need for traditional virtualization software, disaster recovery software, servers, and shared storage, replacing these with a fully integrated, highly available system for running applications. Using patented HyperCore™ technology, the HC3 self-healing platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime. When ease-of-use, high availability, and TCO matter, Scale Computing HC3 is the ideal infrastructure platform. Read what our customers have to say on Gartner Peer Insights, Spiceworks, TechValidate and TrustRadius.

The dynamics of cyber insurance and ransomware mitigation

In today’s cybersecurity landscape, ransomware is now a major threat across all sectors, and while prevention is key, effective mitigation is equally critical. That’s where cyber insurance comes into play — it’s an important way to mitigate some of your most significant risks. Let’s look into the trends in ransomware, the state of cyber insurance, and the role of cyber insurance in ransomware mitigation. 

The growing threat of ransomware

I think it’s safe to say that ransomware has evolved significantly over the years. What was once a sporadic threat has now become a persistent and pervasive risk for organizations worldwide. According to a recent ESG (Enterprise Strategy Group) report, “Lighting the way to readiness and mitigation,” 89% of enterprises consider ransomware one of the top five threats to their viability, highlighting the widespread concern that ransomware attacks can disrupt operations, compromise sensitive data, and result in significant financial losses.

One of the most striking trends in the ransomware landscape is the rapid increase in the number of identifiable ransomware groups — not entirely unlike the early days of the automotive industry where a small number of manufacturers eventually grew into a large, competitive market through new entries, consolidation, and expansion.

Similarly, the ransomware market has expanded as new threat actors emerge, gain success, and attract attention. While some of these ransomware groups are eventually shut down, others continue to thrive, contributing to an alarming 55% year-over-year growth in ransomware attacks.

The financial incentive driving ransomware

Just as with other forms of cybercrime, ransomware threat actors are motivated by the potential for substantial financial rewards. When people have a financial incentive to do something bad, they’re often going to do that thing. And since there’s a lower barrier to entry in the ransomware market than ever before — especially when utilizing options such as ransomware as a service (RaaS) — almost anyone with a basic understanding of technology and a desire to make money can participate.

This has led to a proliferation of ransomware groups, each looking to capitalize on the lucrative opportunities that cyber extortion presents. According to a Reuters report, ransomware generated over $1 billion USD in 2023 alone.

Geopolitical factors also play a role in ransomware activity. Some countries are known to harbor, or at best ignore, ransomware gang activities in their countries, and there’s evidence of state-sponsored ransomware attacks, too. All of these attacks share a primary focus: Generating revenue through ransomware.

Looking at the graph above, geopolitical factors seem to be a plausible explanation for 2022 — the year Russia invaded Ukraine — being an anomalously slow year for ransomware revenue. 2023, by contrast, was a historically high peak, representing 140 percent growth from 2022, according to Statista.

The role of cyber insurance

Because you can’t guarantee that you will be able to prevent every attack, cyber insurance has become an essential component of an organization’s risk management strategy. While it is not a substitute for robust cybersecurity measures, cyber insurance helps organizations mitigate the financial fallout from a ransomware attack.

Of US organizations polled, 58% reported either opting in to one or more cyber-insurance policies or planning to do so in the next 12 months to mitigate their ransomware risk.

The cyber insurance market has evolved significantly in recent years. Initially, obtaining cyber insurance was relatively simple; businesses could secure a policy with minimal requirements. However, as the frequency and severity of ransomware attacks have increased, insurance companies have raised their standards.

As a result, there are new hurdles for businesses to overcome. Escalating rates, additional cybersecurity requirements, and limitations in coverage all make it more difficult for many organizations to acquire insurance. More than half of those surveyed have reported difficulties meeting underwriter cybersecurity requirements to acquire a policy. Today, insurers require organizations to demonstrate a certain level of cybersecurity maturity before they can qualify for coverage.

These controls include key items such as multi-factor authentication (MFA), endpoint detection and response (EDR) solutions, and robust backup systems. Put bluntly, you cannot get an insurance policy without implementing the controls your insurer expects to see.

The state of cyber insurance

As cyberthreats continue to evolve, so does the cyber insurance market. As I mentioned, insurance companies are now paying closer attention to how organizations manage data security and privacy, particularly in light of emerging technologies like artificial intelligence (AI). Insurers are beginning to ask more detailed questions about how AI is being used within organizations and how it’s being incorporated into detection and response capabilities.

Moreover, cyber insurance policies are increasingly being tailored to the specific needs of organizations. This includes offering proactive tools that can help organizations prepare for and respond to ransomware attacks. For example, some policies now include coverage for tabletop exercises, incident response planning, and access to breach coaches and specialized vendors.

The importance of a holistic approach to cybersecurity

I want to emphasize that cyber insurance should be viewed as one component of a broader, defense-in-depth strategy. Relying solely on insurance to mitigate the impact of a ransomware attack is not sufficient. Instead, organizations must adopt a holistic approach to cybersecurity that includes strong preventive measures, regular testing, and a clear understanding of their risk landscape.

The importance of communication and collaboration across the organization cannot be overstated. Cybersecurity is not just the responsibility of the IT department; it requires buy-in from the board of directors, management, and all employees. By fostering a culture of security awareness and ensuring that everyone understands their role in protecting the organization, companies can better defend against ransomware attacks.

Conclusion: The future of cyber insurance and ransomware mitigation

Ransomware remains a significant threat, but organizations can take proactive steps to protect themselves. By aligning cybersecurity practices with established frameworks, continuously testing and improving defenses, and incorporating cyber insurance into risk management strategies, organizations can better withstand the challenges posed by ransomware.

As the cyber insurance market continues to evolve, it’s crucial for organizations to stay informed about the latest developments and adjust their strategies accordingly. The ultimate goal is to create a resilient organization that can not only survive a ransomware attack but continue to thrive in the face of ever-changing cyberthreats. 

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in cloud-to-cloud data backup and recovery. Drawing on 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

ESET Research: Spy group exploits WPS Office zero day; analysis uncovers a second vulnerability

  • South Korea-aligned advanced persistent threat group APT-C-60 weaponized a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262) in order to target East Asian countries. ESET Research discovered the vulnerability and provides a root cause analysis, along with a description of its weaponization.
  • A strange spreadsheet document referencing one of the group’s many downloader components pointed to APT-C-60.
  • The exploit is deceptive enough to trick users into clicking on a legitimate-looking spreadsheet while also being very effective and reliable. The choice of the MHTML file format allowed the attackers to turn a code execution vulnerability into a remote one.
  • While analyzing the vulnerability, ESET Research discovered another way to exploit it (CVE-2024-7263).
  • Following our coordinated vulnerability disclosure policy, as Kingsoft acknowledged and patched both vulnerabilities, we provide a detailed analysis.

BRATISLAVA, MONTREAL, August 28, 2024 — ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). It was being exploited by APT-C-60, a South Korea-aligned cyberespionage group, to target East Asian countries. When examining the root cause, ESET discovered another way to exploit the faulty code (CVE-2024-7263). Following a coordinated disclosure process, both vulnerabilities are now patched. The final payload in the APT-C-60 attack is a custom backdoor with cyberespionage capabilities that ESET Research internally named SpyGlace.

“While investigating APT-C-60 activities, we found a strange spreadsheet document referencing one of the group’s many downloader components. The WPS Office software has over 500 million active users worldwide, which makes it a good target to reach a substantial number of individuals, particularly in the East Asia region,” says ESET researcher Romain Dumont, who analyzed the vulnerabilities. During the coordinated vulnerability disclosure process between ESET and the vendor, DBAPPSecurity independently published an analysis of the weaponized vulnerability and confirmed that APT-C-60 has exploited the vulnerability to deliver malware to users in China.

The malicious document comes as an MHTML export of the commonly used XLS spreadsheet format. However, it contains a specially crafted and hidden hyperlink designed to trigger the execution of an arbitrary library if clicked when using the WPS Spreadsheet application. The rather unconventional MHTML file format allows a file to be downloaded as soon as the document is opened; therefore, leveraging this technique while exploiting the vulnerability provides for remote code execution.

“To exploit this vulnerability, an attacker would need to store a malicious library somewhere accessible by the targeted computer either on the system or on a remote share, and know its file path in advance. The exploit developers targeting this vulnerability knew a couple of tricks that helped them achieve this,” explains Dumont. “When opening the spreadsheet document with the WPS Spreadsheet application, the remote library is automatically downloaded and stored on disk,” he adds.

Since this is a one-click vulnerability, the exploit developers embedded a picture of the spreadsheet’s rows and columns inside to deceive and convince the user that the document is a regular spreadsheet. The malicious hyperlink was linked to the image so that clicking on a cell in the picture would trigger the exploit.
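For defenders triaging suspicious spreadsheets, the two traits described above (an MHTML container that pulls in a resource on open, and a hyperlink attached to a picture) can be checked statically. The following is an added example, not ESET's or Kingsoft's code; the function names, the sample document, and the rule for what counts as an external source are assumptions made for illustration.

```python
import email
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkedImageFinder(HTMLParser):
    """Records hyperlinks that wrap an image and images loaded from outside the file."""
    def __init__(self):
        super().__init__()
        self.href = None      # href of the <a> element currently open, if any
        self.linked = []      # (href, img src) pairs: a clickable picture
        self.external = []    # img src values that point outside the archive

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.href = attrs["href"]
        elif tag == "img":
            src = attrs.get("src") or ""
            if self.href is not None:
                self.linked.append((self.href, src))
            # Assumption: http(s), file: and UNC sources count as external;
            # cid:, data: and relative sources resolve inside the archive.
            if src.startswith("\\\\") or urlparse(src).scheme in ("http", "https", "file"):
                self.external.append(src)

    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None

def triage_mhtml(raw: bytes) -> dict:
    """Parse a document as MIME and summarise what an analyst should review."""
    msg = email.message_from_bytes(raw)
    embedded = {p.get("Content-Location") for p in msg.walk()}  # parts shipped in the file
    finder = LinkedImageFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            finder.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return {"is_mhtml": msg.get_content_type() == "multipart/related",
            "linked_images": finder.linked,
            "external_images": [s for s in finder.external if s not in embedded]}

# Constructed sample: a benign MHTML skeleton, not taken from the real document.
SAMPLE = b"""MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_Constructed"

------=_Constructed
Content-Type: text/html; charset="utf-8"

<html><body><img src="http://files.example.invalid/first.bin">
<a href="constructed-link-target"><img src="cid:grid.png"></a></body></html>
------=_Constructed--
"""
```

A spreadsheet that parses as `multipart/related` regardless of its file extension, and returns non-empty `linked_images` or `external_images`, is worth routing to an analyst before it is opened in an office suite.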

“Whether the group developed or bought the exploit for CVE-2024-7262, it definitely required some research into the internals of the application but also knowledge of how the Windows loading process behaves,” concludes Dumont.

After analyzing Kingsoft’s silently released patch, Dumont noticed that it had not properly corrected the flaw and, because of improper input validation, discovered another way to exploit it. ESET Research reported both vulnerabilities to Kingsoft, who acknowledged and patched them. Two high-severity CVE entries were created: CVE-2024-7262 and CVE-2024-7263.

The discovery underlines the importance of a careful patch verification process and making sure that the core issue has been addressed in full. ESET strongly advises WPS Office for Windows users to update their software to the latest release.

For more technical information about the WPS Office vulnerabilities and exploits, check out the blog post “Analysis of two arbitrary code execution vulnerabilities affecting WPS Office” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Guardz Launches ‘Community Shield’ – Free Plan to Strengthen MSP Cybersecurity Posture



  • Guardz introduces the Community Shield Plan, a free, comprehensive cybersecurity platform tailored for MSPs to protect their internal operations.
  • The plan offers MSPs unified detection and response capabilities across identities, emails, devices, and data, enabling them to safeguard their own operations without financial strain.
  • This initiative aims to bolster MSPs’ security, reflecting Guardz’s appreciation and continued support for the MSP community. 




MSPs operate at the intersection of technology and trust. Tasked with managing diverse customer environments, they navigate a complex web of point solutions, each with its own set of challenges and vulnerabilities. This responsibility places a significant burden on MSPs, who must ensure not only the security of their clients but also their own operations. With access to vast amounts of sensitive information, MSPs have become prime targets for cybercriminals, and the rise in supply chain and cloud attacks only adds to the pressure.

Today, the digital landscape is more dangerous than ever. Cyber threats are evolving, and MSPs find themselves in the crosshairs. The need to bolster internal security is not just a priority; it’s a necessity. The challenge is clear: how can MSPs effectively safeguard their operations without stretching their resources too thin?

We are thrilled to announce the launch of the Guardz Community Shield Plan, which aims to empower MSPs to secure and insure their internal operations easily. The Community Shield plan offers a unified platform that provides unified detection and response capabilities across identities, emails, devices, and data—all at no cost.

This innovative plan allows MSPs to establish a strong security foundation without the burden of financial commitment. With access to the full suite of the Guardz advanced security controls, MSPs can now focus on what they do best—protecting their clients—while resting assured that their operations are equally safeguarded. For those looking to extend this high level of protection to their clients, the Community Shield plan seamlessly integrates with the Guardz cost-effective solutions.

“This offering is our commitment to supporting and protecting the MSP community, reflecting our appreciation for the partnership and trust we are building together,” said Dor Eisner, CEO and Co-Founder of Guardz. “We’ve gained so much from this collaborative community, and now we want to give back. By providing the Guardz platform for free, we aim to support MSPs’ growth and success while keeping their businesses secure. We believe that a secure MSP is better equipped to foster secure environments for their clients, creating a ripple effect of enhanced cybersecurity across the board and, ultimately, a safer digital world.”

The Guardz Community Shield plan is available immediately. Interested MSPs can sign up for a free two-week trial and claim their free licenses directly from the product.

About Guardz
Guardz is on a mission to create a safer digital world by empowering Managed Service Providers (MSPs). Their goal is to proactively secure and insure Small and Medium Enterprises (SMEs) against ever-evolving threats while simultaneously creating new revenue streams, all on one unified platform.
