
NSA and CISA alert: This phishing scam could give hackers control of your PC

Jan. 26, 2023 | Hi-network.com

Cyber criminals are actively exploiting remote management software to aid phishing scams and steal money from victims, a joint advisory by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) has warned. 

The warning comes following the discovery of an email phishing campaign that tricks victims into downloading legitimate remote monitoring and management (RMM) software, which allows attackers to gain access to bank accounts. 

Crucially, it does so without triggering antivirus alerts because the RMM tool is a genuine application with a legitimate use case -- and that's something that cyber criminals can exploit as a workaround, rather than attempting to trick victims into downloading malware that could set off warnings.

According to CISA and the NSA, while this campaign is specifically targeting finances, the remote access gained means attackers could use it for other malicious purposes, such as stealing usernames and passwords, and installing backdoors to compromise systems, which could be used to launch ransomware attacks. 

The attacks, believed to be the work of a financially motivated cyber-criminal gang, have been ongoing since at least June 2022, and begin with phishing emails designed to manipulate victims. 

According to the advisory, one common phishing template being leveraged in these attacks is a message that claims an annual subscription is about to be automatically renewed at a cost of hundreds of dollars. 

This is designed to panic victims into calling the 'help desk' listed in the email. If they do this, the help desk -- operated by scammers -- will attempt to convince the victim to download remote management software to 'help' them with their query and cancel the payment. 

But in reality, no payment is about to occur and all the attackers want to do is convince the victim to log in to their online bank account while the remote management software is active. The attackers use this access to the bank account to steal money from the victim. 

In this campaign, the attackers are using ScreenConnect and AnyDesk, but the advisory warns that they can use any legitimate remote management software. And because attackers can download legitimate RMM software as self-contained, portable executables, they can bypass both administrative privilege requirements and software management control policies. 

"Threat actors often target legitimate users of RMM software. Targets can include managed service providers (MSPs) and IT help desks, who regularly use legitimate RMM software for technical and security end-user support, network management, endpoint monitoring, and to interact remotely with hosts for IT-support functions," warns the advisory.

According to CISA, actions that can be taken to help avoid falling victim to this and similar campaigns include implementing best practices to block phishing emails and carefully monitoring activity to identify suspicious or unwarranted use of software on the network.

The agency also suggests implementing a user-training program and running phishing exercises to raise awareness among users about the risks of visiting suspicious websites, clicking on suspicious links, and opening suspicious attachments. 
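
One way to act on the monitoring recommendation, as an added example that is not from the article or the CISA/NSA advisory: a Python check over process-creation events that flags ScreenConnect or AnyDesk when it runs as a portable executable from a user-writable path, has been renamed on disk, or appears on a host not approved for RMM use. The event fields are modeled on Sysmon process-creation records; the sample events, host names, directory list and allowlist are constructed assumptions.

```python
import ntpath

# Tool names come from the article; extend the tuple for your environment.
RMM_MARKERS = ("anydesk", "screenconnect")
# Assumption: user-writable locations where a portable download usually lands.
USER_WRITABLE = ("\\downloads\\", "\\desktop\\", "\\appdata\\", "\\temp\\")
# Assumption: hosts where IT has approved RMM use (hypothetical name).
APPROVED_HOSTS = {"HELPDESK-01"}

# Constructed sample events; field names modeled on Sysmon process-creation records.
EVENTS = [
    {"Computer": "HELPDESK-01", "Image": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe",
     "OriginalFileName": "AnyDesk.exe", "Product": "AnyDesk"},
    {"Computer": "FIN-WS-07", "Image": r"C:\Users\alice\Downloads\AnyDesk.exe",
     "OriginalFileName": "AnyDesk.exe", "Product": "AnyDesk"},
    {"Computer": "FIN-WS-09", "Image": r"C:\Users\bob\AppData\Local\Temp\invoice_viewer.exe",
     "OriginalFileName": "ScreenConnect.WindowsClient.exe", "Product": "ScreenConnect"},
    {"Computer": "FIN-WS-07", "Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE", "Product": "Microsoft Windows"},
]


def classify(event):
    """Return reasons an RMM process launch looks unwarranted; [] if benign or not RMM."""
    image = event["Image"].lower()
    on_disk = ntpath.basename(image)
    # Version-resource fields survive a rename of the file on disk.
    names = (on_disk, event.get("OriginalFileName", "").lower(),
             event.get("Product", "").lower())
    tool = next((m for m in RMM_MARKERS if any(m in n for n in names)), None)
    if tool is None:
        return []
    reasons = []
    if any(p in image for p in USER_WRITABLE):
        reasons.append("runs from user-writable path")
    if tool not in on_disk:
        reasons.append("renamed on disk")
    if event["Computer"] not in APPROVED_HOSTS:
        reasons.append("host not approved for RMM")
    return [f"{tool}: {r}" for r in reasons]


def scan(events):
    """Map (host, image) to reasons for every flagged event."""
    hits = {(e["Computer"], e["Image"]): classify(e) for e in events}
    return {k: v for k, v in hits.items() if v}


if __name__ == "__main__":
    for (host, image), reasons in scan(EVENTS).items():
        print(host, image, reasons)
```

Because the RMM binary is legitimate and signed, the useful signal here is where and on which host it runs rather than a malware verdict on the file.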
