Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Phishing Uses Colonial Pipeline Ransomware Lures to Infect Victims

Phishing Uses Colonial Pipeline Ransomware Lures to Infect Victims

The recent ransomware attack on Colonial Pipeline inspired a threat actor to create a new phishing lure to trick victims into downloading malicious files.

The emails are targeted and tailored as urgent notifications to download and install a system update that would defend against the latest ransomware strains.

Well-crafted emails

Threat actors did not lose much time after the Colonial Pipeline incident and used it as a theme in a new phishing campaign deployed a couple of weeks later.

Researchers at cloud-based email security platform INKY analyzed the attack which attempted to compromise computer systems using the Cobalt Strike penetration testing tool.

The fake emails use the Colonial Pipeline attack as an example of the devastating consequences a ransomware incident can have on an organization.

They urge recipients to install a system update from an external link to enable the system to “detect and prevent the latest strains of ransomware.” A deadline for applying the update is also provided, to increase urgency.

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

Ransomware attack on Colonial Pipeline used in phishing

Cobalt Strike inside

The threat actor used domains that are easy to mistake for legitimate ones (ms-sysupdate[.]com and selectivepatch[.]com), registered towards the end of May through Namecheap.

INKY researchers note that the two domains were used for sending the malicious emails as well as for hosting the fake “ransomware update” executables.

Furthermore, in both cases the download pages were customized with the target company’s logo and imagery, to make them appear trustworthy.

fake ransomware update

INKY researchers say in a blog post today that the payload was Cobalt Strike, a threat emulation software developed for penetration testing purposes but often used by malicious actors, too, especially in the ransomware business.

To make matters worse, the source code for Cobalt Strike was leaked in late 2020, which made it accessible to a wider variety of adversaries. Fortunately, the payload used in this phishing campaign is detected by a large number of antivirus solutions.

Cobalt Strike detections on Virus Total

Attackers in the phishing business are keeping an eye on the news to come up with relevant lures that would increase the success of their campaigns.

Typically, users are more receptive to messages containing familiar information. In this case, the highly publicized attack on Colonial Pipelines brought attention to the ransomware threat and its wider effect when hitting sensitive organizations.

Also Read: Data Protection Officer Singapore | 10 FAQs

“In this environment, phishers tried to exploit people’s anxiety, offering them a software update that would “fix” the problem via a highly targeted email that used design language that could plausibly be the recipient’s company’s own. All the recipient had to do was click the big blue button, and the malware would be injected” – INKY



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us