Kahng An, a member of the Cofense Intelligence Team, said in an email interview that there is a telltale sign of this type of attack: “Generally, hard drive files are expected to be large, as they are intended to store a wealth of information,” he wrote. As a result, “especially the small files of the virtual hard drive are to be blamed as they may not be used correctly. Email is generally not an ideal method for transferring large files, so a file attached to a hard drive should also be treated with suspicion regardless of its size.
“From a mitigation perspective, it may be necessary to remove file links for various hard drive file extensions such as .vhd and .iso on multi-user workstations. The average user in an organization will probably never have a valid reason to need to use virtual hard drive files, and those who need access to them can be redirected to the files as needed.”
So far this year, Cofense has seen malicious actors send email campaigns containing hard drive files to several of its business customers. They included emails sent in May to employees of an undisclosed bank with the subject line “2023 tax filings.”
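The attachment heuristic described above can be applied at a mail gateway or in triage. The following is an added example, not code from Cofense or the original article: it flags any attachment that is a hard drive file by extension or by content, and marks small ones. Assumptions: the `.vhdx` and `.img` extensions, the 10 MB "small" cut-off, the content-signature checks, and all function names are illustrative choices; the sample message is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# .vhd and .iso are the extensions named above; .vhdx and .img are assumed additions.
DISK_EXTS = {".vhd", ".iso", ".vhdx", ".img"}
SMALL_BYTES = 10 * 1024 * 1024  # assumed cut-off for "small"; tune per site

def sniff_disk_image(data: bytes):
    """Identify a disk image by content so a renamed file is still caught."""
    if data[:8] == b"vhdxfile":                      # VHDX file identifier
        return "vhdx"
    if b"conectix" in (data[:8], data[-512:-504]):   # VHD footer (or its header copy)
        return "vhd"
    if data[0x8001:0x8006] == b"CD001":              # ISO 9660 volume descriptor
        return "iso"
    return None

def scan_message(raw: bytes):
    """Return one finding per attachment that is a disk image by name or content."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        ext = PurePosixPath(name.lower()).suffix
        kind = sniff_disk_image(data)
        if ext in DISK_EXTS or kind:
            findings.append({"filename": name, "detected": kind or ext.lstrip("."),
                             "size": len(data), "small": len(data) < SMALL_BYTES,
                             "renamed": kind is not None and ext not in DISK_EXTS})
    return findings

def build_sample() -> bytes:
    """Constructed message: a fake VHD, an ISO renamed to .dat, and a PDF."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    vhd = b"\x00" * 1024 + b"conectix" + b"\x00" * 504
    iso = b"\x00" * 0x8001 + b"CD001" + b"\x00" * 100
    for blob, fname in ((vhd, "filings.vhd"), (iso, "invoice.dat"), (b"%PDF-1.7", "note.pdf")):
        msg.add_attachment(blob, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

Every finding is reported regardless of size, matching the advice above; the `small` flag only raises priority.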