Phishing with malicious ISO files
Phishing emails rely on many methods, such as sending exploit documents or executables. Thankfully, companies have figured out that this is common and implemented file attachment extension blockers, such as preventing external .pdf files and all .exe files.
Above is an example from the ACSC.
Phishing training does now cover this, but what about an ISO?
From: "<<Canada Post Delivery>> firstname.lastname@example.org" (likely spoofed)
Received: "from compassionate-mahavira.206-221-176-154.plesk.page (mail.mail-server-desk.com [188.8.131.52]) "
Date: "Fri, 25 Mar 2022 12:48:40 +0000"
Subject: "Delivery Updated"
Attachment: "Attachment.iso"
Windows makes it very easy to interact with .iso files: double-clicking one automatically mounts it and shows the contents of the disk image.
Hopefully the target would notice at this point that the file inside is an .exe, but the classic Word icon may fool them.
This writeup hasn’t been technical, but it needs to be recognised that simple methods can bypass email safety rules, and users need to be trained for this rather than putting up minimal safety nets.
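As an added example (not part of the original writeup), here is how a mail filter could treat disk images as their own attachment class instead of relying on an .exe/.pdf blocklist. The extension lists, function names and sample message are assumptions made up for illustration; only the subject line and the name "Attachment.iso" echo the email above.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from pathlib import PurePosixPath

# Assumed gateway policy (illustrative, not from the writeup).
BLOCKED_EXTS = {".exe", ".scr", ".js"}
CONTAINER_EXTS = {".iso", ".img", ".vhd", ".vhdx"}  # mountable disk images
ISO_MAGIC_OFFSET = 0x8001  # "CD001" sits at byte 1 of sector 16 in ISO 9660


def looks_like_iso(data: bytes) -> bool:
    """Content check, so the verdict does not depend on the file name."""
    return data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + 5] == b"CD001"


def triage(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment the policy flags."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = PurePosixPath(name.lower()).suffix
        data = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTS:
            findings.append((name, "blocked extension"))
        elif ext in CONTAINER_EXTS:
            findings.append((name, "disk-image container extension"))
        elif looks_like_iso(data):
            findings.append((name, "ISO 9660 content under another extension"))
    return findings


def sample_message() -> bytes:
    """Constructed sample message; only the subject and file name echo the page."""
    iso = bytearray(0x8800)
    iso[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + 5] = b"CD001"
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["Subject"] = "Delivery Updated"
    msg.set_content("Your parcel details are attached.")
    for fname, body in (("Attachment.iso", bytes(iso)),
                        ("label.bin", bytes(iso)),
                        ("notes.txt", b"plain text")):
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in triage(sample_message()):
        print(f"{name}: {reason}")
```

The magic-byte check only recognises ISO 9660 volume descriptors; other image formats in the extension list are matched by name alone.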