New phishing lure developed in wake of Colonial Pipeline attack

June 4, 2021

Threat actors have created a new phishing lure that capitalizes on the public’s fears over the recent ransomware incident that targeted Colonial Pipeline, BleepingComputer reports.

This new avenue of attack comes in the form of urgent emails encouraging targets to download and install malicious files, which are presented as system updates that help protect against the latest ransomware strains.

According to researchers at the cloud-based email security platform INKY, the attackers used Cobalt Strike, a penetration testing tool that was originally designed as threat emulation software but is being used by malicious actors, and whose source code was leaked late last year.

The threat actors also registered domains through Namecheap that mimic legitimate ones and have been customized with the logo and images of their target company. The familiar messaging and the widespread publicity garnered by the Colonial Pipeline attack made people more receptive to this type of phishing strategy, INKY said.

Jill Aitoro

SC Media Editor in Chief Jill Aitoro has 20 years of experience editing and reporting on technology, business and policy. She also serves as editorial director at SC Media’s parent company, CyberRisk Alliance. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.