Malware Can Hide From Email Scanners in Virtual Hard Drives


de39333253a00c2a6897ce7f1bf15a658eb667627af86ffad247049d0420f621.jpg

This is an interesting tactic by cyber attackers — using virtual machine hard drive files to bypass email malware filters!

Never underestimate the creativity and resourcefulness of intelligent adversaries in finding ways to leverage technology for their advantage and to deftly get around security controls.

The use of virtual machine hard drive files like .vhd and .vhdx can be opened in windows and function like a physical drive. They are perfect to hide malware from email gateways and network perimeter filters looking for dangerous files and compressed volumes.

The natural response should be for security filters to access and scan the contents of virtual drives before allowing them to be delivered to potential victims. Sounds simple, but there are some interesting nuances that need to be considered, and of course the attackers would also respond in kind.

This kind of maneuvering warfare is typical and is part of the never-ending game of cybersecurity!

 

Related Article: https://www.csoonline.com/article/3575345/threat-actors-increasingly-using-malicious-virtual-hard-drives-in-phishing-attacks.html

How do you rate this article?

16


Matthew Rosenquist
Matthew Rosenquist

Cybersecurity Strategist specializing in the evolution of threats, opportunities, and risks in pursuit of optimal security for our digital world.


Cybersecurity Tomorrow
Cybersecurity Tomorrow

Cybersecurity strategy perspectives for the emerging risks and opportunities of securing our digital world. The insights of today will lead to tomorrow's security, privacy, and safety foundations.

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.