- The campaign has targeted more than 900 companies with sophisticated phishing lures
- The objective was to deploy a remote monitoring and management tool
- Hackers change objectives and priorities, and businesses must adapt
More than 900 organizations were targeted by a very convincing phishing attack that sought to deploy a legitimate remote monitoring and management (RMM) solution and to access target endpoints without raising alarms.
A new report by researchers at Abnormal claims the criminals use compromised chat and conversation threads and AI-generated phishing pages, and abuse legitimate platforms, from file sharing to video conferencing such as Zoom and Microsoft Teams, with emails that appear authentic.
The objective was to get the victims to install ConnectWise ScreenConnect, a legitimate IT tool repurposed for full remote access. Instead of stealing passwords, the attackers lure the victims into giving them administrator-level control over business systems. Once inside, they launch account takeovers, lateral phishing campaigns and data theft while blending in with normal IT activity.
Targeting education and religious groups
Among the 900 companies attacked so far, the researchers found that most were in education and religious groups (14.4%), health care and pharmacy (9.7%) and financial services (9.4%), with other sectors such as insurance, legal, retail, manufacturing and technology also targeted. Most victims are in the United States, the United Kingdom, Canada and Australia.
The attacks are fueled by a dark web market that sells ScreenConnect “attack kits” for a few thousand dollars, as well as network access for $500 to $2,000.
Some sellers even offer $6,000 personalized packages with training and support, effectively turning ScreenConnect abuse into a RAT-as-a-service business model.
This campaign highlights a dangerous shift, Abnormal believes. Instead of breaking into systems, threat actors are now weaponizing trusted work tools to circumvent defenses.
This is why companies should adopt AI-powered email security, endpoint monitoring, zero trust and better staff awareness training to counter these increasingly sophisticated threats.