Malicious cyber actors have almost never been known to take the high road.
They don't lose sleep over exploiting a difficult situation, as we have seen in numerous attacks on the healthcare sector throughout the pandemic.
And this is exactly the kind of situation playing out right now following the Kaseya ransomware attack.
REvil, the infamous Russian hacking group that attacked JBS Foods earlier this year, was also behind this recent Kaseya incident.
Security researchers identified several zero-day vulnerabilities and notified Kaseya. While the company was working on the patches, REvil hackers were able to take advantage before the vulnerabilities were completely patched.
This resulted in some 1,500 customers of Kaseya becoming infected with ransomware and a $70 million ransom demand for a universal decryptor.
Now, Malwarebytes and Trustwave are reporting that other hackers are taking advantage of the situation by starting a phishing campaign.
According to Malwarebytes:
"A #malspam campaign is taking advantage of Kaseya VSA #ransomware attack to drop #CobaltStrike. It contains an attachment named 'SecurityUpdates.exe' as well as a link pretending to be security update from Microsoft to patch Kaseya vulnerability!"
And Trustwave had similar things to say:
"Perhaps not surprisingly, spammers have been quick to jump on this issue as a lure in their malicious emails. Today, we encountered spams claiming that Microsoft issued an update which can provide protection against the Kaseya's vulnerability. Below is an example.
Both a malicious link and attachment are contained in the spams.
The downloaded executable file and the executable attached to the spams are the same file—CobaltStrike malware."
This is certainly not the first time hackers have exploited a hairy situation.
A couple of years ago, hackers took advantage of a Boeing 737 MAX 8 crash that resulted in the death of everyone on board. Disregarding the sensitivity of the situation entirely, hackers started a phishing campaign based on the crash.
They pretended to be a legitimate source, reaching out to people potentially impacted by the crash. They included an attachment in the email that, when clicked on, downloaded malware to the victim's computer.
In 2019, malicious threat actors took advantage of a mass shooting at a mosque in New Zealand that killed 50 people.
They pretended to be one of the largest banks in the country, Westpac, and asked for donations to help the victims of the shooting.
Over $5 million was donated to the real fund to help the victims, but we will never know how much money the criminals siphoned away from the legitimate effort to help.