ISO Files Are Being Used To Deliver Malware

January 14, 2020

Written by wukovits

iso files are being used to deliver malwareResearchers at Trustwave have observed a notable increase in the use of .ISO files to deliver malware. Hackers have relied on poisoned disk image files for years to deliver malware to their targets.

It makes sense in a Windows environment because it allows attackers to disguise their payloads as an innocent, standard file type.

In terms of scope and scale, the Trustwave researchers have noted a 6 percent increase in 2019 of this particular attack vector. It is noteworthy enough to be of genuine concern, especially given the fact that .ISO files are often overlooked by antivirus software. That makes it more likely that attackers can deliver their payload undetected.

In one particular campaign unearthed by the researchers, the attackers sent an email that appeared to come from FedEx and offered package tracking information. This was in an attempt to trick recipients into clicking on a file to gain additional information about an incoming package. Of course, the package didn’t actually exist, and clicking on the (.ISO) file installed a malicious payload on the victim’s computer.

It should be noted that .ISO files are not the only image file used in this way. Trustwave also reports a modest uptick in the use of Direct Access Archive (DAA) files. Use of DAA files for the purpose of delivering malware is seen as being somewhat less efficient and effective than using the .ISO format. That’s because specialized software is required to open a .DAA file.

Nonetheless, if a hacking group has done their due diligence and knows the software is installed on a target computer, the DAA file represents another possible inroad that’s likely to go undetected.

Hackers are becoming increasingly inventive, using old tricks mixed with new to infect target systems, making it more difficult than ever for harried IT managers to keep their networks safe. Stay on high alert. The threat landscape is more unpredictable than ever.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Key Considerations for Effective Cybersecurity Implementation

Consider this: In the realm of cybersecurity, things often get tangled in the web of "you should do it anyway" arguments. Yet, for busy business owners bombarded with daily "must-dos," deciphering the essentials from the fluff can feel like a cyber maze. We aim to...

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...