Document-based malware is on the rise, accounting for 59% of all malicious files detected between January and April 2019, according to a recent Barracuda Networks report. That’s an increase of 18% compared to the first quarter of 2018, a trend which should be alarming to cybersecurity professionals.

Document-based malware typically comes in the form of an email attachment that, when opened, automatically runs software hidden in the file or runs a script that pulls it from a remote website, the latter making it much harder to detect since there’s no malware code included in the document when it’s downloaded.

SEE: 10 ways to minimize fileless malware infections (free PDF) (TechRepublic)

The tricky thing about document-based malware, the report said, is that it changes the way cybersecurity professionals need to think about malware. The days of definition-based security is over, Barracuda said; it’s up to security teams to “think about malware detection by asking ‘What makes something malicious?’ rather than ‘How do I detect things I know are malicious?'”

A new generation of malware attacks

Nearly half (48%) of all malicious files detected in the past 12 months were some kind of document, the report said.

Malicious documents are part of a larger transformation in the way malware that targets businesses is distributed: Instead of just launching attacks at random, modern cybercriminals are very intentional about their work.

Reconnoitering a target, crafting custom attacks, determining the right targets, and launching the attack (possibly via a malicious document) is just the beginning of the process, followed by all the damage an attacker can do once inside a network.

Because of the sophistication of new attacks, the report said, cybersecurity professionals need to change how they defend their networks.

The report points out that the complex, layered nature of modern cyberattacks requires a complex, layered security approach. Barracuda recommends four security methods in response to document-based malware:

  1. Use blacklists: Spammers attacking an organization via malware-infected email attachments are increasingly using their own infrastructure, which means blacklisting their IPs should prevent repeat attacks from the same source.
  2. Implement a spam and phishing detection system: A good spam/phishing filter can detect suspicious elements of a message or attachment that the average user will miss. Human error accounts for around half of security incidents; a good filter can cut that number down by screening out messages before they get to recipients.
  3. Don’t neglect malware detection: Antivirus software that uses both static and dynamic analysis can pick up on a document trying to run an executable or download something from the web, neither of which should be done by a document. Static analysis can also detect attempts to obfuscate code and can recognize a document as malicious.
  4. Set up your firewall to detect malware: Some firewalls can be configured to recognize malicious traffic, which can stop a malware document from downloading code or communicating with its command and control server. This is a last-ditch defense, but shouldn’t be discounted–it can prevent a lot of headaches and make finding the infected machine simple.