It is quite common for cyberattackers to exploit widely covered news events in their phishing schemes. Criminals latch onto the curiosity or panic that individuals feel in order to get them to click on malicious emails or links. Last week we had a blog post covering the Colonial Pipeline attack, where a ransomware infection led to anxiety and a gas frenzy in the local population. Now, piggybacking on the notoriety of that event, cybercriminals are using that news as a lure for further phishing attacks.
Many individuals are reporting that they are receiving emails regarding the Colonial Pipeline ransomware attack and then being asked to download “ransomware system updates” to help protect their organization. The malicious link leads to a seemingly legitimate website that downloads ransomware onto the users’ systems. Once the malware is downloaded it will then infect all of the files on the users’ workspace.
This phishing attack appeared just a few weeks after the headlines stating that the pipeline had to pay out millions to the DarkSide ransomware group. The cybercriminals behind these attacks are capitalizing on the fear and anxiety that people have following major events like this by offering software that users can download to “protect” themselves or “fix” a problem that is at the forefront of users’ minds. Furthermore, beyond generic phishing, some of these attacks can look similar to spear-phishing, a form of phishing that involves targeting specific individuals. Cybercriminals may be more likely to target high-level executives or employees of organizations, offering to help them “prevent” this type of incident. Especially after such a large news event like this one, if the email looks like it was sent by the company itself then employees may be very likely to click the link and download the file.
It is important to apply all of the same principles that you would when evaluating any email for a potential phishing scam. This involves evaluating the legitimacy of the email address or sender, the attachments and the links, and whether the message seems suspicious. It can also be helpful for IT teams of companies to inform employees that they will not be asked to download certain file types. Keeping employees informed and updated is a good preventative measure because many of these phishing schemes capitalize on the fact that employees are afraid to ask questions and will simply follow instructions.
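The checks listed above (sender, attachments, links, suspicious wording) can be sketched as a small triage function. This is an added example, not code from this blog or its vendor; the organization domain, the blocked file types, the lure phrases and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values: the organization's mail domain, file types IT has said it
# will never ask staff to download, and lure phrases taken from this campaign.
ORG_DOMAIN = "example.com"
BLOCKED_EXT = (".exe", ".js", ".scr", ".iso", ".msi")
LURE = re.compile(r"ransomware (system )?update|colonial pipeline", re.I)
HREF = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample message (not a real capture).
SAMPLE = """From: "Example IT Helpdesk" <it-support@examp1e-updates.test>
Reply-To: helpdesk@mail-collector.test
Subject: Urgent: ransomware system update after Colonial Pipeline attack
Content-Type: text/html; charset="utf-8"

<p>Install the update now:
<a href="http://downloads.examp1e-updates.test/update.exe">https://it.example.com/update</a></p>
"""

def triage(raw):
    """Return reasons to distrust a message: sender, attachments, links, wording."""
    msg, reasons = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if ORG_DOMAIN.split(".")[0] in name.lower() and domain != ORG_DOMAIN:
        reasons.append("display name claims the org, sender domain is " + domain)
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        reasons.append("Reply-To domain differs from From domain")
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(BLOCKED_EXT):
            reasons.append("attachment type IT never sends: " + fname)
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        if LURE.search(body) or LURE.search(msg.get("Subject", "")):
            reasons.append("news-event lure wording")
        for href, text in HREF.findall(body):
            url = urlparse(href)
            shown = re.search(r"[\w.-]+\.[a-z]{2,}", text, re.I)
            if shown and shown.group(0).lower() not in (url.hostname or ""):
                reasons.append("link text shows %s but goes to %s" % (shown.group(0), url.hostname))
            if url.path.lower().endswith(BLOCKED_EXT):
                reasons.append("link downloads a blocked file type")
    return reasons

if __name__ == "__main__": print("\n".join(triage(SAMPLE)))
```

A result with several reasons is a cue to report the message to IT rather than a verdict; a clean result does not prove a message is safe.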
With next-level email security you won't have to worry about detecting phishing scams yourself. We monitor all incoming emails for potentially malicious links and attachments. If we find anything even remotely suspicious, you'll be the first to know.
Some of the incoming malicious emails will be blocked completely, while others will still show up in your inbox with a notification stating that there may be malicious phishing content within the message.
We also provide monthly reporting which will allow our clients to see exactly how many incoming phishing emails they were able to divert.
Find out more here or at www.cyberunit.com