The attacks have leveraged otherwise legitimate RMM tools like ScreenConnect — now ConnectWise Control — and AnyDesk to launch financially motivated attacks against federal workers.
The advisory included a sample phishing email, seen in September, that claimed a Geek Squad subscription would be debited from the victim's bank account. The email supplied a phone number and urged the victim to call it to cancel the subscription and obtain a refund.
Though attacks were seen against staff in civilian executive branch agencies, federal officials are concerned that sophisticated actors could use the same techniques against more sensitive targets.
“Malicious actors can leverage legitimate remote monitoring and management software to target national security systems, Department of Defense and defense industrial base personnel and data on work and home devices and accounts,” an NSA spokesperson said.
As part of its mission to secure these agencies and systems, NSA released this guidance “so network defenders can protect their home and work devices and accounts from bad actors,” the spokesperson said.
“As such, RMM has become a more prominent vector for initial access, persistence, and data exfiltration across the [state, local, tribal and territorial governments] and critical infrastructure space, particularly when those organizations are targeted by financially motivated ransomware actors,” said TJ Sayers, cyber threat intelligence manager at the Center for Internet Security.
The advisory cites research from Silent Push, which had been investigating criminal infrastructure that was impersonating PayPal. Researchers found a wide range of impersonated brands, and the criminal activity poses a threat to a much larger segment of the private sector.
“Our observations indicate that this is intended for a wider victim audience and all businesses should be wary,” Ken Bagnall, founder and CEO of Silent Push, said.