Phishing operators use Colonial Pipeline emails to trick victims


The emails are disguised as urgent notifications about the download of a system update designed to protect against ransomware.

The recent attack on the Colonial Pipeline by DarkSide ransomware operators has inspired cybercriminals to create a new phishing decoy that tricks victims into downloading malicious files. The emails are disguised as urgent notifications to download and install a system update that supposedly protects against the latest types of ransomware.

Cybersecurity researchers at INKY analyzed a malicious campaign in which hackers tried to compromise computer systems using the Cobalt Strike tool. The fake emails use the Colonial Pipeline attack as an example of the devastating consequences that can happen to an organization.

Recipients are encouraged to install a system update from an external link so that the system can “detect and prevent the latest ransomware.” There is also a deadline for applying the update, which puts even more pressure on a potential victim.

The attackers used domains that could easily be mistaken for legitimate ones (ms-sysupdate[.]com and selectedpatch[.]com). The domains were registered at the end of May this year through Namecheap. The download pages were customized with the target company's logo and images for added credibility.
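For defenders, the following added example (not from INKY or the original article) shows how a mail filter could flag messages whose links point at the two domains named above, including their subdomains. The function and class names are hypothetical, and the sample message is constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in the article, re-fanged for matching.
CAMPAIGN_DOMAINS = {"ms-sysupdate.com", "selectedpatch.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

class LinkCollector(HTMLParser):
    """Collect href targets from anchor tags."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def campaign_hosts(raw_message):
    """Return sorted link hosts that equal or sit under a campaign domain."""
    msg = message_from_string(raw_message, policy=default)
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()
        if part.get_content_subtype() == "html":
            collector = LinkCollector()
            collector.feed(body)
            urls += collector.links
        urls += URL_RE.findall(body)  # also catches bare URLs in text parts
    hits = set()
    for url in urls:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
        # Match on a label boundary so "ms-sysupdate.com.example.org" does not hit.
        if any(host == d or host.endswith("." + d) for d in CAMPAIGN_DOMAINS):
            hits.add(host)
    return sorted(hits)

# Constructed sample message (not a captured email from the campaign).
SAMPLE = """\
From: IT Help Desk <helpdesk@example.com>
Subject: Urgent: ransomware protection update
Content-Type: text/html; charset="utf-8"

<a href="https://portal.MS-SysUpdate.com/download">Download</a>
<a href="https://ms-sysupdate.com.example.org/x">Mirror</a>
"""
```

Calling `campaign_hosts(SAMPLE)` returns only the host that truly falls under a listed domain; the second link merely embeds the name as a prefix of an unrelated domain and is ignored.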
