
Emails From Your Trusted Suppliers Can Be Very Bad For Business!

David Parkinson, Strategic Development Manager, UK and Ireland for Wick Hill

By David Parkinson, Strategic Development Manager, UK and Ireland for Wick Hill

Woking, Surrey: 10th June 2015 – The term ‘Trusted Supplier’ says it all. It’s a supplier that we have used before, perhaps over a period of time, and one that we trust. However, when it comes to protecting our networks from malware, we can unfortunately never take that term for granted.  Communications from trusted suppliers can contain malware that can harm our networks. Trusted suppliers could actually turn out to be bad for business.

It is already common to talk about the cyber risks within the supply chain and it is important to discuss them and review them on a regular basis.  We work alongside our suppliers and often connect with each other’s IT networks.  If our business partner has a cyber vulnerability, then our own risks increase and we need to guard against that. That risk increases with every vulnerability, at every point in the supply chain.

To take just one example, most organisations use a recruitment company at some point to fill either a key role or maybe regular short term positions. Organisations tend to have a fairly relaxed attitude to communications with their recruitment partners, as we generally receive what we expect to receive – CVs (solicited or otherwise), contracts, invoices, etc.

However, in a recent Forbes article, the careers and recruitment industry was highlighted as being susceptible to a particular cyber threat. This is an industry that has taken advantage of many of the good things the Internet can offer in terms of reach, scale and efficiency. That industry is now finding itself at the sharp end of targeted malware encapsulated in documents – a medium on which it has thrived for so long.

We have known for a long time that malware authors and disseminators look to embed their code within popular document types. This is simply because electronic documents are widely distributed, accepted and, unfortunately, trusted.  Producing a word processed document was probably one of the first things many of us accomplished on a computer!

As the Forbes article points out, amongst all the good advice being given, there have been instances of career-focused sites being used as a vehicle to distribute malware-laden documents to recruiting organisations. Also, HR, or whoever is responsible for recruiting, usually doesn’t have cyber-attack at the front of mind when trying to fill an urgent vacancy. They may not be immediately wary of opening solicited, let alone unsolicited, CVs from an in-house careers portal on their own web or intranet site.

The recent Rombertik malware discovery provided another stark reminder of the danger of malware delivered apparently as a document. Rombertik is notable for its anti-detection capabilities, and the actions it will take if it discovers that it is being actively looked for in memory – it destroys the Master Boot Record of the PC, or failing that, encrypts files using a random key. And the method employed to distribute Rombertik? It is an executable screensaver file, disguised as a PDF or other document by the thumbnail presented to the recipient.

Combatting the risks
The importance of staff training and behaviour-change programs, such as KnowBe4, should not be underestimated in combating the problem of malware in documents. Fortunately, there are also technologies that can be employed to mitigate some of these specific threat vectors.

For example, Check Point’s Threat Extraction technology works with Check Point’s Threat Emulation technology, which tests for unknown malware in advanced emulation environments.  Threat Extraction removes suspected malware elements from documents received by web download or email, and then delivers a clean document onwards to the recipient. It will be interesting to see whether technologies such as this will find a home in specific verticals such as recruitment, which rely heavily on document sharing.

Rombertik’s anti-detection code is extremely advanced, and we can only imagine that there will be similar examples to come. The emerging field of CPU-level detection looks to identify malicious activity as it is executed on the processor and is designed to counter these evasion techniques. Check Point’s acquisition of Hyperwise will bring this CPU-level analysis and detection into the Threat Emulation technology, and aims to deliver advanced protection against this kind of threat.

We have highlighted just one type of business partner in this article – recruitment agencies.  There are many more business partners we use and trust on a regular basis in our supply chains.  In today’s world of increased malware risk, we need to be ever vigilant with all our trusted partners and use appropriate security software to help us identify and deal with malware carried in documents.

About Wick Hill
Established in 1976, value added distributor Wick Hill specialises in secure IP infrastructure solutions. The company sources and delivers best-of-breed, easy-to-use solutions through its channel partners, with a portfolio that covers security, performance, access, networking, convergence, storage and hosted solutions.

Wick Hill is part of the Wick Hill Group, based in Woking, Surrey with sister offices in Hamburg. Wick Hill is particularly focused on providing a wide range of value added support for its channel partners. This includes a strong lead generation and conversion programme, technical and consultancy support for reseller partners in every stage of the sales process, and extensive training facilities. For more information about Wick Hill, please visit
