- The campaign targeted more than 900 companies with sophisticated phishing lures
- The objective was to deploy a remote administration and monitoring tool
- Hackers are changing goals and priorities, and companies must adapt
More than 900 organizations have been targeted by a very convincing phishing campaign that sought to deploy a legitimate remote monitoring and management (RMM) solution and gain access to target endpoints without raising any alarms.
A new report by security researchers at Abnormal says the criminals would use compromised email accounts and conversation threads and AI-generated phishing pages, and would abuse legitimate videoconferencing and file-sharing platforms to spoof Zoom and Microsoft Teams with authentic-looking emails.
The objective was to get victims to install ConnectWise ScreenConnect, a legitimate IT tool repurposed for full remote access. Instead of stealing passwords, the attackers lure victims into giving them administrator-level control over corporate systems. Once inside, they launch account takeovers, lateral phishing campaigns and data theft while blending in with normal IT activity.
Targeting education and religious groups
Among the 900 companies attacked so far, the researchers found that most were in education and religious groups (14.4%), healthcare and pharmaceuticals (9.7%) and financial services (9.4%), with other industries such as insurance, legal, retail, manufacturing and technology also heavily targeted. Most victims are in the United States, the United Kingdom, Canada and Australia.
The attacks are driven by a dark web market that sells ScreenConnect “attack kits” for a few thousand dollars, along with network access for $500 to $2,000.
Some vendors even offer custom packages for $6,000 with training and support, effectively turning ScreenConnect abuse into a RAT-as-a-service model.
This campaign highlights a dangerous shift, Abnormal believes. Instead of breaking into systems, threat actors are now weaponizing trusted workplace tools to sidestep defenses.
That is why companies should adopt AI-powered email security, endpoint monitoring, zero trust and better staff awareness training to counter these increasingly sophisticated threats.