Security Awareness Training Blog

    Be Wary of Unrequested Disc Images

    RogerMasterClass-FeatureImage (1)Microsoft’s recent announcement that the new version of Microsoft Windows, Microsoft Windows 11, will be released soon is capturing headlines around the world. Microsoft will allow Windows 11 to be downloaded and installed to qualified user computers.

    It is a great news event to remind security awareness advocates of the high likelihood of phishers to use the newsworthy event, and especially the download image capabilities, to phish people into installing malware. Certainly, Microsoft’s download process will not be a direct, “here is a URL link in an email” process. Microsoft’s processes and licensing verification processes will ensure that the actual downloading offering service is sophisticated and safe.

    The same cannot be said of phishers. They will no doubt send out tens of millions of emails claiming to be from Microsoft, service providers and IT departments, claiming that the targeted receiver MUST immediately download and install Windows 11 using the provided URL link under some threat of penalty or disruption. You know it is going to happen. You know that some small percentage of users will fall for it. Hackers would not do it if a small percentage of people were not prone to these sorts of phishing attacks.

    It is a great time to remind users about how newsworthy events, like the release of Windows 11, will be used by scammers and phishers. It is a great time to create simulated phishing campaigns based around Microsoft’s announcement and other newsworthy events (e.g., COVID, earthquake, celebrity deaths, global news, etc.) and see who could be susceptible to a real phishing attack using the same tactics. 

    It is also important to remind users to be very suspicious of any unexpected links to software install disc images. This applies to image file format extensions including ISO, IMG, BIN, MDF, VM, VMDK, VMX, and VHD. Most the phishing attacks will claim to link to disc image files, but really point to executables (e.g., EXE, ELF, DLL, etc.), archive file types (e.g., ZIP, ARC, etc.), scripts (e.g., PS, CMD, BAT, etc.) and commonly used document types (e.g., DOC, DOCX, PDF, etc.). But many of the links will point to real, but maliciously used, disc image file formats. This is because many computer defenses do not block them by default and many people do not understand what those image files are and can do. Many antivirus programs do not scan them before they launch.

    It is a big risk for the scammer. Disc image file types are less likely to be downloaded by most users (that is a big negative), but if attempted by the user, the included maliciousness is possibly more likely to evade mitigations and be able to execute upon end users. 

    All defenders should, for sure, block all of the known disc image formats, from being able to be sent to users in email and from being freely downloadable by users, or at least try to automatically warn the users of the potential risks.  Regardless of automated mitigation deployment, all users should be educated about the risks associated with unrequested disc images files. Sysadmins should routinely scan the network and managed user machines for disc image files and investigate suspicious looking or placed findings. It is also a good time to make sure your antivirus or endpoint detection and response software protects your environment from disk image threats. 

    Phishing using disc images have never been super popular, but expect an uptick in their use during Microsoft’s Windows 11 rollout. It is never bad to be prepared.

     

    Return To KnowBe4 Security Blog

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST ResultsHere's how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    Topics: Phishing, KnowBe4

    Roger Grimes

    ABOUT ROGER GRIMES

    Roger A. Grimes is Data-Driven Defense Evangelist at KnowBe4. He is a 30-year computer security professional, author of 13 books and over 1,200 national magazine articles. He frequently consults with international organizations of all sizes and many of the world’s militaries. Grimes regularly presents at national computer security conferences, and is known for his often contrarian, fact-filled viewpoints.

    Read more from Roger »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews