Recent research indicates that attackers have moved away from the traditional malicious Office macro attachment in favor of .LNK (Windows shortcut) files. Once opened, these files run malicious scripts intended to deliver malicious payloads onto the host machine, exposing the user to cybercrime.
Malicious .LNK files can be delivered through email, social media, USB devices, or the cloud. This technique is successful because despite the security attention gained by macro and macro-like attacks, one major vulnerable spot remains: the numerous applications that leverage and expose .LNK files.
The .LNK technique is not a new one. A published proof-of-concept demonstrated how easy it is to exploit the trust placed in this kind of file: a malicious script is embedded directly in the shortcut itself, so the file runs even if the user cannot modify their registry. The attack may consist of simple instructions that drop the malicious code onto the target machine, providing an entry point for the attacker.
However, organizations of all sizes can protect themselves against such cyber threats by taking steps to limit which applications have access to .LNK files, and by monitoring the network traffic and the files passing through it. There are also several third-party applications that specialize in parsing malicious .LNK files, so it’s important to be aware of those tools.
Organizations should also develop and utilize processes for standardizing file extensions across the enterprise, which would allow organizations to easily identify .LNK files and block them from entering the enterprise infrastructure. Finally, organizations should also consider periodically scanning their systems for malicious .LNK activity as part of their overall security posture.
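The parsing and identification the two paragraphs above recommend can be built from the public Shell Link (MS-SHLLINK) layout: the code below is an added example, not code from this article or from any of the third-party tools it mentions. It identifies a shortcut by its header (not its extension), walks past the optional IDList/LinkInfo structures to the StringData strings, and applies triage heuristics that are my assumptions, not a vendor's rules; build_lnk constructs a minimal in-memory sample so the whole thing runs offline.

```python
import struct
# MS-SHLLINK header: HeaderSize 0x4C, LinkCLSID {00021401-0000-0000-C000-000000000046} (little-endian), LinkFlags at offset 20
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"), (HAS_WORK_DIR, "working_dir"),
                 (HAS_ARGS, "arguments"), (HAS_ICON, "icon_location"))
# Script hosts whose appearance in a shortcut target warrants analyst review (assumed list).
SCRIPT_HOSTS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript", "rundll32")
def is_lnk(data: bytes) -> bool:
    """Identify a shortcut by its header rather than the .lnk extension, which Explorer hides."""
    return (len(data) >= LNK_HEADER_SIZE and data[4:20] == LNK_CLSID
            and struct.unpack_from("<I", data, 0)[0] == LNK_HEADER_SIZE)
def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags plus the StringData strings that follow the optional IDList/LinkInfo."""
    if not is_lnk(data):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_ID_LIST:    # LinkTargetIDList: 2-byte IDListSize, then the IDList itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:  # LinkInfo: 4-byte LinkInfoSize covers the whole structure
        pos += struct.unpack_from("<I", data, pos)[0]
    width, enc = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    fields = {"flags": flags}
    for flag, key in STRING_FIELDS:  # each string: CountCharacters (2 bytes) + chars, no terminator
        if flags & flag:
            count = struct.unpack_from("<H", data, pos)[0]
            fields[key] = data[pos + 2:pos + 2 + count * width].decode(enc)
            pos += 2 + count * width
    return fields
def suspicious_reasons(fields: dict) -> list:
    """Triage heuristics (assumed here, not from the article) over the parsed strings."""
    target = (fields.get("relative_path", "") + " " + fields.get("arguments", "")).lower()
    reasons = [f"target invokes {host}" for host in SCRIPT_HOSTS if host in target]
    if "hidden" in fields.get("arguments", "").lower():
        reasons.append("arguments request a hidden window")
    return reasons
def build_lnk(relative_path: str, arguments: str = "", icon: str = "") -> bytes:
    """Construct a minimal Unicode shortcut (header + StringData only) as an offline test sample."""
    flags, body = IS_UNICODE, b""
    for flag, value in ((HAS_REL_PATH, relative_path), (HAS_ARGS, arguments), (HAS_ICON, icon)):
        if value:
            flags |= flag
            body += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    return header + bytes(LNK_HEADER_SIZE - len(header)) + body
```

Running parse_lnk over files arriving by mail gateway or removable media, regardless of extension, is the kind of check the standardization and scanning steps above call for; the heuristics are a starting point for review, not a verdict.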
The .LNK-as-a-vehicle-for-malware technique is a dangerous cyber security risk that needs to be taken seriously. Attackers are continuously finding new ways to exploit vulnerable spots in organizations’ cyber security defense, and organizations need to be mindful of the techniques attackers use to launch successful cyber attacks. By taking proactive steps such as limiting access to .LNK files, organizations can reduce the effectiveness of this attack vector and protect their digital assets.
This Cyber News was published on www.csoonline.com. Publication date: Wed, 25 Jan 2023 19:11:02 +0000