Malware Can Hide From Email Scanners in Virtual Hard Drives
This is an interesting tactic by cyber attackers — using virtual machine hard drive files to bypass email malware filters!
The security community should never underestimate the creativity and resourcefulness of intelligent adversaries! Hackers find ways to leverage technology for their advantage and to deftly get around security controls.
The use of virtual machine hard drive files like .vhd and .vhdx, which Windows can mount so that they function like a physical drive, represents a new cybersecurity risk for sneaking malware onto a targeted system. These files are well suited to hiding malware from email gateways and network perimeter filters that are trained to identify dangerous files and can inspect compressed archives like .zip files, but do not look inside virtual disk images.
The natural response for security professionals is to enable security filtering tools to open and scan the contents of virtual drives before they are delivered to potential victims. This sounds simple, but there are some interesting nuances to consider, and of course the attackers would respond in kind. At the very least, these file types should be blocked outright from email, as they are rarely used legitimately and represent a present threat.
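As an added illustration of the blocking and nested-scanning controls described above (example code added here, not from the original post or the linked article), the Python below flags virtual disk attachments by extension and by the VHD/VHDX file signatures, and also looks inside .zip attachments so a disk image wrapped in an archive is still caught. The sample attachments are constructed placeholders, not real disk images.

```python
import io
import zipfile

# Microsoft virtual disk signatures, checked independently of the filename:
# a VHDX file opens with the ASCII cookie "vhdxfile"; a VHD file carries a
# 512-byte footer beginning with "conectix" (dynamic and differencing VHDs
# also keep a copy of that footer at offset 0).
VHDX_SIGNATURE = b"vhdxfile"
VHD_COOKIE = b"conectix"
VIRTUAL_DISK_EXTENSIONS = (".vhd", ".vhdx")


def looks_like_virtual_disk(data: bytes) -> bool:
    """True if the bytes carry a VHDX or VHD signature, whatever the name says."""
    if data[:8] in (VHDX_SIGNATURE, VHD_COOKIE):   # VHDX header or VHD header copy
        return True
    return len(data) >= 512 and data[-512:-504] == VHD_COOKIE   # fixed VHD footer


def find_virtual_disks(filename: str, data: bytes, depth: int = 0, max_depth: int = 3) -> list:
    """Return attachment paths (zip members included) that are virtual disk images.

    Zip attachments are opened in memory so a .vhd hidden inside a .zip is still
    caught; recursion depth is capped so nested archives cannot run unbounded.
    """
    hits = []
    if filename.lower().endswith(VIRTUAL_DISK_EXTENSIONS) or looks_like_virtual_disk(data):
        hits.append(filename)
    if depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.infolist():
                if member.is_dir():
                    continue
                inner = archive.read(member)   # a production filter also caps member size
                nested = find_virtual_disks(member.filename, inner, depth + 1, max_depth)
                hits.extend(f"{filename}/{path}" for path in nested)
    return hits


def build_samples() -> dict:
    """Constructed attachment bytes for the demo; none are real disk images."""
    fake_vhdx = VHDX_SIGNATURE + b"\x00" * 1024
    fake_fixed_vhd = b"\x00" * 4096 + VHD_COOKIE + b"\x00" * 504   # footer in last 512 bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("invoice.pdf", b"%PDF-1.4 benign placeholder")
        archive.writestr("disk.vhdx", fake_vhdx)
    return {
        "report.pdf": b"%PDF-1.4 benign placeholder",   # benign, not flagged
        "backup.VHD": b"\x00" * 2048,                    # flagged by extension alone
        "renamed.dat": fake_fixed_vhd,                   # flagged by the VHD footer cookie
        "docs.zip": buf.getvalue(),                      # flagged via the nested member
    }
```

Running `find_virtual_disks(name, data)` over `build_samples()` flags `backup.VHD`, `renamed.dat` and `docs.zip/disk.vhdx`, and leaves `report.pdf` alone.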
This kind of maneuvering warfare between hackers and security teams is typical and part of the never-ending game of cybersecurity!
Related Article: https://www.csoonline.com/article/3575345/threat-actors-increasingly-using-malicious-virtual-hard-drives-in-phishing-attacks.html