Threat Actors Attempt to Deliver Malware via ISO Attachments
The NJCCIC identified phishing emails containing malicious .iso file attachments attempting to be sent to State employee emails. The content of these emails references tracking information from a popular package delivery service. Threat actors choose ISO files to distribute malware as they are traditionally very large files, leading some email gateways to improperly scan them. Emsisoft details this tactic in a November 2018 blog post. The NJCCIC highly recommends users avoid opening attachments delivered with unexpected or unsolicited emails, exercise caution when opening attachments from known senders, and ensure anti-virus/anti-malware solutions are running and up-to-date.