Telltale sign
Kahng An, a member of the Cofense Intelligence Team, said in an email interview that there’s a telltale sign of this sort of attack: “Normally, virtual hard drive files are expected to be fairly large as they’re supposed to be storage volumes for large amounts of data,” he wrote. Consequently, “notably small virtual hard drive files should be treated with suspicion as they’re likely not being used appropriately. Email typically isn’t a very good medium for large file transfers either, so an attached virtual hard drive file should also be treated with suspicion regardless of its size.
“From a mitigation standpoint, it could be worth removing file associations for various virtual hard drive file extensions such as .vhd and .iso from most users’ workstations. The typical user in a company probably won’t ever have a legitimate reason to need to use virtual hard drive files, and those who do need access to them might have file associations restored as needed.”
So far this year, Cofense has seen threat actors use email campaigns containing virtual hard drives sent to a number of its enterprise customers. They included emails sent in May to employees at an unnamed bank with the subject line “2023 Tax supporting Paperwork.”
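The attachment heuristic described in the interview can be applied at a mail gateway. The following is an added example, not code from Cofense or the original article: it flags any attached disk image and raises severity for small ones. The size threshold, the `.vhdx` extension, the footer check and all function names are assumptions made for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# .vhd and .iso are named in the article; .vhdx is an added assumption.
DISK_IMAGE_EXTS = {".vhd", ".vhdx", ".iso"}
# Assumed cut-off: the article only says "notably small". Tune per environment.
SMALL_IMAGE_BYTES = 64 * 1024 * 1024

def looks_like_vhd(data: bytes) -> bool:
    """VHD images carry a 512-byte footer whose first 8 bytes are 'conectix'.
    Dynamic VHDs also keep a copy of that footer at the start of the file."""
    if len(data) < 512:
        return False
    return data[-512:-504] == b"conectix" or data[:8] == b"conectix"

def scan_message(raw: bytes) -> list[dict]:
    """Return one finding per attachment that is, or looks like, a disk image."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        by_magic = looks_like_vhd(data)
        if ext not in DISK_IMAGE_EXTS and not by_magic:
            continue
        findings.append({
            "filename": name,
            "size": len(data),
            # Image content hidden behind an unrelated extension.
            "renamed": by_magic and ext not in DISK_IMAGE_EXTS,
            # Any attached disk image is suspicious; a small one more so.
            "severity": "high" if len(data) < SMALL_IMAGE_BYTES else "suspicious",
        })
    return findings

def build_sample() -> bytes:
    """Constructed sample: a tiny fake VHD plus an unrelated PDF attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    fake_vhd = b"\x00" * 2048 + b"conectix" + b"\x00" * 504
    msg.add_attachment(fake_vhd, maintype="application",
                       subtype="octet-stream", filename="docs.vhd")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```
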