
Criminals Feign Clop Ransomware Identity for Extortion Purposes Against Corporations

Cybercriminals falsely claiming affiliation with the Clop ransomware group have been emailing threats, demanding payments while allegedly holding stolen data for ransom, according to Barracuda.


Barracuda's latest reporting describes two threads of activity: cybercriminals impersonating the Clop ransomware gang in extortion emails, and credential phishing run through the LogoKit phishing-as-a-service platform.

The fake Clop emails claim that the senders exploited a vulnerability in software from managed file transfer vendor Cleo, offering this as the supposed source of the stolen data. Exploiting flaws in managed file transfer products is a well-documented Clop tactic, which lends the claim surface credibility.

Barracuda, a provider of cloud-enabled security solutions, also reported a continued rise in the use of Scalable Vector Graphics (SVG) attachments in phishing attacks. SVG files are XML text rather than raster image data, so they can carry embedded scripts, event handlers and clickable links that many attachment filters, tuned for image formats, do not inspect; this makes them an increasingly popular vehicle for delivering malicious links and payloads.
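The following triage routine is an added example, not code from Barracuda or the article, showing how a mail gateway or IR analyst can inspect an SVG attachment for the active content the paragraph describes. The sample SVGs and the phish.example hostnames are constructed for the demonstration; the parser is Python's standard library (for production use, swap in defusedxml, which rejects entity-expansion attacks that xml.etree does not).

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Elements that have no business in an "image" attached to an email:
# <script> runs JavaScript, <foreignObject> embeds arbitrary HTML (iframes,
# forms), and SMIL <set>/<animate> can rewrite attributes such as href.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object", "set", "animate"}

# URI schemes that execute or render attacker content when followed.
DANGEROUS_SCHEMES = re.compile(r"^\s*(javascript|data|vbscript):", re.IGNORECASE)


@dataclass
class SvgVerdict:
    suspicious: bool
    reasons: list = field(default_factory=list)


def _local(name):
    # ElementTree renders namespaced names as '{uri}local'; keep only 'local'
    # so <svg:script> and <script>, xlink:href and href are treated alike.
    return name.rsplit("}", 1)[-1]


def triage_svg(svg_bytes):
    """Return a verdict on an SVG attachment; reasons list what was found."""
    reasons = []
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        # A scanner that silently skips unparseable attachments is a bypass:
        # malformed XML is itself a reason to quarantine.
        return SvgVerdict(True, [f"unparseable XML: {exc}"])

    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_TAGS:
            reasons.append(f"active element <{tag}>")
        for attr, value in el.attrib.items():
            aname = _local(attr)
            if aname.lower().startswith("on"):
                # onload, onclick, onbegin ... all run script when the SVG renders.
                reasons.append(f"event handler {aname} on <{tag}>")
            elif aname == "href":
                if DANGEROUS_SCHEMES.match(value):
                    reasons.append(f"{value.split(':', 1)[0].strip()}: URI on <{tag}>")
                elif tag == "a" and re.match(r"^\s*https?://", value, re.IGNORECASE):
                    # A clickable link inside an "image" is the classic lure.
                    reasons.append(f"external link on <a>: {value.strip()}")
    return SvgVerdict(bool(reasons), reasons)


# Constructed samples (not real attachments).
BENIGN_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    b'<circle cx="5" cy="5" r="4" fill="red"/></svg>'
)

LURE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink"
     onload="open('https://phish.example/login')">
  <text x="10" y="20">Password Reset Requested</text>
  <a xlink:href="https://phish.example/reset"><rect width="100" height="30"/></a>
  <script>location.href='https://phish.example/reset'</script>
</svg>"""

FOREIGN_OBJECT_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg">
  <foreignObject width="100%" height="100%">
    <body xmlns="http://www.w3.org/1999/xhtml">
      <iframe src="https://phish.example/portal"></iframe>
    </body>
  </foreignObject>
</svg>"""


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("lure", LURE_SVG),
                          ("foreignObject", FOREIGN_OBJECT_SVG), ("truncated", b"<svg")):
        verdict = triage_svg(sample)
        print(label, "SUSPICIOUS" if verdict.suspicious else "clean", verdict.reasons)
```

The check is deliberately strict for the email context: a legitimate logo or chart never needs `<script>`, event handlers or `<foreignObject>`, so any hit is enough to quarantine the message rather than score it. The unparseable-XML branch matters because attackers routinely pad or corrupt files to slip past parsers that fail open.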

The latest LogoKit phishing emails use subject lines such as "Password Reset Requested" or "Immediate Account Action Required". They push the recipient to click a link that leads to a phishing page generated on the fly by LogoKit and styled to match the login portal and password reset page of the service the victim believes they are visiting.

Once the victim enters their login credentials, these are captured by the attacker. LogoKit interacts with victims in real time, adapting the phishing page dynamically as the victim types in their credentials.

Barracuda's March Email Threat Radar report, covering the previous month, identified phishing activity using techniques designed to evade traditional security defenses. The fake Clop emails are crafted to resemble genuine Clop extortion demands closely enough to cause confusion, but the researchers noted that they lacked elements associated with the real thing: a 48-hour payment deadline, links to a secure chat channel for ransom negotiations, and partial names of companies whose data had been breached.

This is not an isolated incident. GuidePoint Security and the FBI have recently revealed that fraudsters are sending businesses extortion letters purporting to be from the BianLian ransomware group.

The operators behind the LogoKit phishing activity have not been publicly identified; they are presumed to be a cybercriminal group that routinely targets businesses with phishing schemes. The fake Clop emails, for their part, fit a wider trend of scammers impersonating high-profile ransomware actors.

Businesses are advised to stay vigilant and verify the authenticity of any emails requesting sensitive information or demanding immediate action. Check link destinations before clicking, and treat an extortion demand that lacks the hallmarks of a genuine one (a deadline, a negotiation channel, evidence of what was taken) as likely fraudulent; in either case, route it to the incident response team rather than acting on the email itself.

In the face of increasing cyber threats, it is more important than ever for businesses to prioritise cybersecurity measures and educate their employees about the signs of phishing attacks.
