Malware Can Hide From Email Scanners in Virtual Hard Drives

2 17
Avatar for M.Rosenquist
Written by
This user is who they claim to be.
We have manually verified this user via some other channel.
Proof
3 weeks ago

This is an interesting tactic by cyber attackers – using virtual machine hard drive files to bypass email malware filters! 

Never underestimate the creativity and resourcefulness of intelligent adversaries in finding ways to leverage technology for their advantage and to deftly get around security controls.

The use of virtual machine hard drive files like .vhd and .vhdx can be opened in windows and function like a physical drive.  They are perfect to hide malware from email gateways and network perimeter filters looking for dangerous files and compressed volumes.

The natural response should be for security filters to access and scan the contents of virtual drives before allowing them to be delivered to potential victims.  Sounds simple, but there are some interesting nuances that need to be considered, and of course the attackers would also respond in kind. 

This kind of maneuvering warfare is typical and is part of the never-ending game of cybersecurity!

 

Article: https://www.csoonline.com/article/3575345/threat-actors-increasingly-using-malicious-virtual-hard-drives-in-phishing-attacks.html

2
$ 0.00
Sponsors of M.Rosenquist
empty
empty
empty

Comments

Very good writing

$ 0.00
2 weeks ago

interting

$ 0.00
2 weeks ago