Tag Archive for: Legit

Hackers used legit remote monitoring software to hack agency networks


The National Security Agency and the Cybersecurity and Infrastructure Security Agency issued new guidance Wednesday to help safeguard remote monitoring and management, or RMM, software from malicious attacks. 

The guidance aims to help enterprises identify and mitigate potential breaches tied to the software, which helps managed IT service providers monitor endpoints, networks and devices. It follows attackers' use of phishing emails to gain access to networks through legitimate RMM software, activity CISA identified in October 2022.

Specifically, attackers sent a phishing email to a federal civilian executive branch employee in June 2022 with a phone number that led them to visit a malicious domain. 

By October, CISA had found malicious activity on two federal civilian executive branch networks through a retrospective analysis of its intrusion detection system known as EINSTEIN, with bi-directional traffic occurring between one network and a malicious domain in mid-September. 

“Based on further EINSTEIN analysis and incident response support, CISA identified related activity on many other [federal civilian executive branch] networks,” the guidance said. 

Officials said in the guidance that attackers have been sending “help desk-themed phishing emails” to federal employees’ personal and government emails since at least June 2022 with either a link to a malicious domain or a phone number that then directs them to the domain.

That first-stage domain then triggers the victim to download an executable file that connects to a second malicious domain, from which a victim downloads RMM software to connect to the attackers’ RMM server.

Because the attackers deploy the RMM software as a portable executable file rather than installing it on the compromised victim’s network, they can evade risk management systems and attack other vulnerable machines through local user rights.

“The authoring organizations assess this activity is part of a widespread, financially motivated phishing campaign and is related to malicious typosquatting activity” uncovered by Reston cyberthreat detection firm Silent Push in October with attackers impersonating companies like Amazon, Microsoft, Geek Squad, McAfee,…

Source…

CISA Warns Of Heightened Hacking Threat Using Legit Remote Desktop Tools


Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published a joint cybersecurity advisory warning network defenders about phishing attacks that leverage remote monitoring and management (RMM) software. This advisory comes after CISA discovered malicious RMM activity on two federal civilian executive branch (FCEB) networks and identified this activity as part of a larger refund scam campaign.

RMM software, similar to remote desktop software, provides users with a set of tools to remotely access and manage computer systems. Unfortunately, as we reported recently, threat actors have taken to using this legitimate software in place of malware to access victims’ devices. Since RMM software is also used by those providing authentic IT support, it can be difficult for users to distinguish between legitimate and malicious uses of this software, particularly when threat actors pose as IT support technicians.

Geek Squad phishing email sent to FCEB staff (source: CISA)

Starting in June 2022, FCEB staff began receiving phishing emails listing fake, unexpected invoices. Some of these emails prompted recipients to directly visit fraudulent support websites, while others directed recipients to call customer care phone numbers. Calls to these numbers were answered by phony customer support agents who pointed callers to the same fraudulent support websites as the ones linked in other phishing emails.

These websites served RMM software executables to visitors under the pretense that customer support agents would use the software to help resolve problems with the invoice refund process. Since portable executables skip the installation process and directly launch programs, the RMM software distributed by the threat actors could bypass security controls blocking the installation of unapproved programs. The RMM software, whether AnyDesk or ScreenConnect, was configured to automatically connect to the threat actor’s RMM servers, giving the threat actors access to victims’ computers shortly after launching.

Once the RMM software was running, the threat…

Source…

How People Make Hacking a Legit Career Choice


The media, journalists, and the public are prone to oversimplification. And hackers are no exception. Hackers get a bad rap in movies and TV shows. Their reputation is often that of a shadowy, secretive, or marginal group. Here’s how people make hacking a legit career choice.



Possibly it’s the evil genius who can quickly break government systems. Why? Maybe it’s political beliefs or just the lols. But, even the introvert, “the basement hacker,” who is untrained and disorganized, can be a dangerous adversary.

As such, your imagination probably doesn’t conjure ethical hackers. In recent years, though, many large companies have hired white hat hackers. Why? They’re hired to prevent attacks, bugs, and threats and test and monitor their systems.

What’s more, ethical hackers are making a solid living. According to ZipRecruiter, the national average is $135,269 a year for an ethical hacking job in the US.

Apart from a high salary, a good hacker can make money in various ways outside of their regular job. For example, if you want to make your own schedule or don’t want to be tied to any one location, that’s appealing.

But how can you make hacking a legit career choice? Well, let’s find out.

Why Are Hackers Hired?

Professional hackers test the security of companies. Companies hire hackers to verify whether their security controls are effective. Additionally, the hackers will make security suggestions.

Before releasing a new web application, a company might hire hackers to find weaknesses. The application will be less vulnerable to hackers when it hits the market as a result.

In addition, private companies and governments hire hackers. Competitive intelligence is in the interest of private companies, to force customers to switch to their services by making their competitors unavailable. Isn’t that illegal? I wouldn’t pursue this career path, although it’s 100% illegal.

Hacking other companies is considered espionage. Government information is mainly kept electronically, so accessing government agencies or third-party providers can be beneficial. Some governments also use cybercrime as a revenue source. North Korea is…

Source…

Magniber ransomware being spread in the guise of a legit Microsoft Edge and Google Chrome update



Source…