A new blog has warned of a phishing scam using the Colonial Pipeline cyber incident as a lure.
According to Inky, an email security provider, phishing emails purporting to be from a “helpdesk” target Office 365 users, asking them to download a “ransomware system update” from an external site.
The emails cite the Colonial Pipeline incident in the US as the reason to download the “update”. This is a typical example of a phishing scam using a recent issue in the news to entice people.
The malicious external sites lead users to a download button which installs Cobalt Strike malware. Cobalt Strike is a legitimate pen testing tool that’s commonly abused by hackers.
The phishing emails that Inky has seen were sent from two newly created domains with registrar Namecheap. The NCSC’s latest Active Cyber Defence Report revealed that Namecheap was the most popular host of UK government-themed phishing in 2020.
The NCSC has published guidance for organisations on defending against phishing attacks. We have also published guidance for individuals outlining how to handle suspicious messages. Anybody who thinks that they have received a phishing email should report this to us by forwarding the email to firstname.lastname@example.org.
Updated trojan malware with new abilities, cause for concern
A newer version of the historic remote access trojan (RAT) malware is being used to gain access to usernames, passwords and other sensitive information, including cryptocurrency, from victims.
The malicious messages are disguised as work emails containing harmful attachments. These attachments contain a macro which, if opened and run, starts a process that executes and downloads the RAT onto the machine.
A number of these types of attack continue to be spread by phishing emails, meaning that, if appropriate precautions are taken, becoming a victim of this type of attack is avoidable.
The NCSC has guidance on how to protect yourself from the impact of data breaches.
If you receive a message or phone call about a security breach that doesn’t feel right, here’s what to do:
- If you’ve received a suspicious email, forward it to the NCSC’s Suspicious Email Reporting Service at email@example.com
- If you’ve received a suspicious text message, forward it to 7726
US politician accidentally reveals password on Twitter
A US Representative has attracted attention by tweeting a photograph that appeared to show his password taped to his monitor.
Representative Mo Brooks has since deleted the photo but could face having to change one or more of his passwords if he did accidentally reveal sensitive information.
If you’re the victim of a data breach – including by exposing your password on Twitter – the NCSC has produced guidance on what to do to stay safe.
You might not want to use a password manager, or you might need help to remember the password for the password manager itself. In that case it’s fine to write passwords down – just be sure to keep them in a safe place.