Our cybersecurity company in Miami downloads zip files daily. Your business may download zip files, too. It’s not uncommon to zip an entire client’s folder and send it to them because it will:
- Condense all files into one
- Compress the files to make uploading and downloading faster
Zip files were made in 1989, and they remain one of the world’s most widely used file formats because of the structural flexibility they offer.
But just like anything else in the digital world, hackers can use zip files to carry out attacks.
What is Zip Concatenation?
Malicious actors are always looking for techniques that help them evade detection and attack businesses. Malware is big business, and zip concatenation is one technique hackers use to slip malware past common security solutions.
How?
It’s complicated. Zip files are made up of file entries, a central directory and an end of central directory record. All of these components are part of a zip file’s structure and contribute to the flexibility of the format. Whether you use Windows File Explorer, 7zip or other unzipping software, each reader has its own nuances in how it parses that structure, and hackers may exploit those differences.
One tactic is to concatenate multiple zip files into one file, appending one archive after another, so that certain zip readers do not see all of the archives.
Depending on the reader, only one of the combined archives may have its central directory visible while the others are ignored. Often the last archive’s central directory takes precedence, because readers locate the end of central directory record by scanning backwards from the end of the file. Malicious files hidden in the other archive can go unnoticed until you unzip and execute them.
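As an added example (not code from the original post), here is a Python check that spots a concatenated archive by comparing where the last end of central directory record says the archive begins with where the file actually begins; the two sample archives it appends back to back are constructed inline.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"   # local file header, starts every entry
EOCD_SIG = b"PK\x05\x06"    # end of central directory record

def find_last_eocd(data: bytes):
    """Locate the last EOCD record (what most readers honor); return (pos, entries, cd_size, cd_offset)."""
    # The EOCD is 22 bytes and may be followed by a comment of up to 65535 bytes.
    pos = data.rfind(EOCD_SIG, max(0, len(data) - 22 - 65535))
    if pos < 0:
        raise ValueError("no end of central directory record")
    fields = struct.unpack("<4sHHHHIIH", data[pos:pos + 22])
    return pos, fields[4], fields[5], fields[6]

def analyze(data: bytes) -> dict:
    """Report what a last-EOCD reader sees and whether another archive precedes it."""
    eocd_pos, entries, cd_size, cd_offset = find_last_eocd(data)
    # Where the archive described by the last EOCD really begins. A self-extracting
    # stub legitimately lives here; a block that starts with a local file header
    # signature is another zip archive that this reader will never list.
    prefix_len = eocd_pos - cd_size - cd_offset
    prefix = data[:prefix_len] if prefix_len > 0 else b""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        visible = zf.namelist()
    return {
        "prefix_bytes": prefix_len,
        "prefix_is_zip": prefix.startswith(LOCAL_SIG),
        "hidden_local_headers": prefix.count(LOCAL_SIG),
        "visible_entries": entries,
        "visible_names": visible,
    }

def make_zip(name: str, content: bytes) -> bytes:
    """Build a one-file, uncompressed zip in memory (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample: two archives appended back to back. A reader that trusts
# the last EOCD lists only client_list.txt and never shows invoice.txt.
SAMPLE = make_zip("invoice.txt", b"first archive") + make_zip("client_list.txt", b"second archive")

if __name__ == "__main__":
    report = analyze(SAMPLE)
    print("hidden archive" if report["prefix_is_zip"] else "clean", report)
```

A mail gateway or endpoint scanner that applies this check can quarantine an archive whose prefix is itself a zip, regardless of which reader the recipient uses.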
Example of a Zip Concatenation Attack
Visualizing an attack of this nature is challenging if you don’t know the inner workings of zip files and all of the respective zip readers available. Imagine this common occurrence in your office:
- An employee receives a phishing email from an account that looks like it's from the owner.
- The hacker states that they’ve attached an important client file that needs to be reviewed ASAP.
- The employee opens the zip file, which may even include a real client’s name in the file name, or may carry a different extension, such as .rar, to disguise the file type.
Depending on the zip reader you use, it might miss the hidden archive, which may contain a disguised .exe file that installs malware or trojans on a business’s servers. If your organization is a direct target of a bad actor, the actor may know the exact zip readers you use and craft the archive specifically to exploit them.
Threats are evolving, and zip concatenation is a simple attack that is easy to replicate and will likely only grow in popularity. Advanced tools and strategies can be deployed to limit the risk of these attacks.
Training employees and bringing awareness to the new threat is only the start of the measures that you can use to limit the risk of attacks. Working with a security expert can further harden your business from falling victim to these new, innovative attacks.
Don’t let your business fall victim to zip concatenation.
Call us to hire a cybersecurity firm in Miami to help you protect against ZIP file concatenation.