Threat actors often use popular news headlines to entice people to click on malicious links in email messages, and the recent Colonial Pipeline hack is a perfect opportunity for criminals. Threat researchers are seeing malicious emails that discuss the attack and ask victims to download a “ransomware system update” in order to protect their organization. The emails contain links to websites with convincing names. The threat actors behind the attacks created fake websites that carry logos from the target companies to further convince victims that everything is legitimate. Threat researchers stated that the attackers were able to get past many anti-phishing systems by using new domains. The same technique will likely be used in conjunction with the recent JBS attack as well.
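Because these messages rely on new domains, a mail filter can combine domain age with the lure wording described above. The following is an added example, not code from the researchers or any product; the first-seen table, the 30-day threshold, the phrase list, the function names and the sample messages are all constructed assumptions.

```python
import re
from datetime import date
from email import message_from_string
from urllib.parse import urlsplit

# Constructed first-seen dates; in practice these would come from a
# passive-DNS or registration-data source (assumption).
FIRST_SEEN = {
    "pipeline-update.example": date(2021, 6, 1),
    "vendor.example": date(2015, 3, 2),
}
LURE_PHRASES = ("ransomware system update", "colonial pipeline")
MAX_AGE_DAYS = 30  # assumed threshold for "new"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def link_hosts(body):
    """Return the set of hostnames found in links in the message body."""
    hosts = set()
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if host:
            hosts.add(host)
    return hosts

def assess(raw, received, first_seen=FIRST_SEEN):
    """Flag a single-part text message that pairs lure wording with a new host."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    lures = [p for p in LURE_PHRASES if p in text]
    young = []
    for host in sorted(link_hosts(body)):
        seen = first_seen.get(host)
        # A host with no history is treated as new: reputation filters
        # have nothing on it, which is the gap the report describes.
        if seen is None or (received - seen).days <= MAX_AGE_DAYS:
            young.append(host)
    return {"lures": lures, "young_hosts": young,
            "quarantine": bool(lures and young)}

# Constructed sample messages.
SAMPLE_PHISH = ("From: helpdesk@pipeline-update.example\n"
                "Subject: Action required after Colonial Pipeline attack\n\n"
                "Download the ransomware system update: "
                "https://pipeline-update.example/update\n")
SAMPLE_BENIGN = ("Subject: News digest\n\n"
                 "Our write-up of the Colonial Pipeline attack: "
                 "https://vendor.example/blog\n")
```

Requiring both signals keeps ordinary news coverage that links to established sites out of quarantine while still catching a lure hosted on a domain with no reputation history.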