Threat actors have created a new phishing lure that capitalizes on the public’s fears over the recent ransomware incident that targeted Colonial Pipeline, BleepingComputer
This new avenue of attack comes in the form of urgent emails encouraging targets to download and install malicious files, which are presented as system updates that help protect against the latest ransomware strains.
According to researchers at the cloud-based email security platform INKY, the attackers used the Cobalt Strike penetration testing tool, which was originally designed as a threat emulation software but is being used by malicious actors, and whose source code was leaked late last year.
The threat actors also registered domains through Namecheap that mimic legitimate ones and have been customized with the logo and images of their target company. The familiar messaging and the widespread publicity garnered by the Colonial Pipeline attack made people more receptive to this type of phishing strategy, INKY said.