International Cyber Expo International Cyber Expo
  • About Us
Friday, 17 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Ziplining into the Minds of US Supply Chains

A recent report from Check Point Research uncovered a new phishing attack but what does this mean for businesses.

by Guru Writer
September 2, 2025
in Editor's News, Features, Insight
Ziplining into the Minds of US Supply Chains
Share on FacebookShare on Twitter

A recent report from Check Point Research uncovered Zipline, a phishing campaign that fuses subtle, patient social engineering with stealthy in-memory malware, together enabling attackers to slip past traditional defences and manipulate human behaviour on a wide scale.

​

How did they do it, and who was targeted?

​

A typical phishing attack relies on unsolicited emails, but Zipline, on the other hand, flipped the script completely. The attackers instead used a company’s own “Contact Us” web form, prompting a reply from the target. If successful, this marks the beginning of multiple professional email exchanges spanning several weeks, filled with fake NDAs and proposals, all in the hopes of establishing the trust of the target. Once this is done, the malicious ZIP file is sent carrying a .LNK file. This launches a PowerShell loader and delivers MixShell, an in-memory implant using DNS tunnelling for covert communication.  

​

Check Point found that more than 80% of the identified targets in this campaign are based in the United States, underscoring a clear geographic concentration, while also companies in Singapore, Japan, and Switzerland were targeted.  The majority of the targeted companies are in industrial manufacturing (46%), but also affected industries including hardware & semiconductors (18%), consumer goods & services (14%), and biotech & pharmaceuticals (5%). Due to this distribution in sectors, Check Point determined that the attackers tried to seek entry points across wealthy operational and supply chain-critical industries.

​

Why does this Method Work So Well?

​

Tim Ward, CEO and Co-Founder of RedFlags, shared his in-depth knowledge on the topic and focused on how human psychology comes into play,

“Impressive, and worrying, research from Check Point on the ZipLine campaign. What makes this so effective isn’t just the tooling (in‑memory payloads, DNS tunnelling) but the way it exploits how people think:

There is a lot of psychology at play in why this works:

  • Authority & legitimacy bias, formal entry via a “Contact us” form, and an NDA request create a veneer of legitimacy.
  • Commitment & consistency / sunk‑cost effect,  multi‑week professional exchanges make people feel invested and less likely to challenge a late‑stage ZIP request.
  • Reciprocity, they start the conversation so you feel obliged to respond/help.
  • Fluency & familiarity, polished language, sector jargon, and an “AI Impact Assessment” pretext feel normal and current.
  • Normalcy bias, long, routine back‑and‑forth lowers suspicion—“it’s just another vendor thread.”  
  • Urgency & framing, the NDA / AI‑programme framing implies time sensitivity and internal endorsement.

Attackers continue to refine people‑centred attacks, so our defence has to be people‑centred too. Lengthy annual training doesn’t cut it.”

Many of these points have both real-life and theoretical backing. Take, for example, the sunk cost effect that was first found by Harold Arkes and Catherine Blumer. Together, they found that people have the tendency to continue an endeavour as a result of previously invested resources, even when those investments cannot be recovered.

So imagine you just spent weeks building this professional relationship, countless emails sent back and forth, all resulting in a lot of time and effort spent that can never be recovered. This personal investment now causes people to be emotionally invested, and when that final malicious ZIP file comes through, not clicking it would seem like a missed opportunity. Which is, in fact, exactly why the sunk cost fallacy works so well, as it’s based on the idea of “loss aversion”. This is the phenomenon of people feeling the pain of a loss more strongly than the pleasure of an equal gain.

​

What’s The Takeaway Here?

​

This Zipline attack highlights a key truth that the industry most often learns the hard way. People remain the softest attack surface. As a society, we value trust highly; all businesses are dependent on it, but that is exactly why, when it lands in the wrong hands, the results can be catastrophic. While advanced threat detection is essential, the sheer success of this phishing attack promotes just how important continuous, behaviour-aware security education is.

​

However, the blame shouldn’t always lie with the individual. Security leaders should also rethink policies around contact form workflows, NDA processes, and late-stages ZIP file approvals. This, paired with context-aware email security that flags suspicious behavioural patterns over time, can ensure that more attackers can’t zip away with your sensitive data.

ShareTweet
Previous Post

Keeper Security Launches KeeperAI

Next Post

Check Point Named Leader in Gartner 2025 Magic Quadrant for Hybrid Mesh Firewalls

Recent News

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

July 16, 2026
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026
Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

July 14, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol