Actu
Cofense Research: Virtual Hard Drives Bypass Secure Email Gateways
October 2024 by Cofense
Cofense Intelligence released research on how threat actors are utilizing virtual hard drives to bypass Secure Email Gateways and commercial antivirus to share malicious payloads. Whether delivered through a .zip archive attachment or embedded link, SEGs and antivirus scanners are struggling to detect the malicious content contained within these virtual hard drive files.
Key findings:
Throughout 2024, mountable virtual hard drive files have been utilized as a delivery mechanism across multiple distinct email campaigns delivering various malware families
While the email themes may differ from campaign to campaign, they all appear to be delivering Remcos Remote Access Trojan (RAT) and/or XWorm RAT
These RATs are some of the most common in SEG-protected environments
