Employees Beware: Phishing Attacks Exploit Remote Monitoring Tools

In the ever-evolving landscape of cybersecurity threats, a new tactic has emerged to infiltrate corporate networks: phishing attacks that trick employees into installing remote monitoring and management (RMM) tools. Recent research from Malwarebytes sheds light on this trend affecting unsuspecting employees.

Instead of relying on traditional phishing techniques, cybercriminals have adapted their approach. Through personalized emails and SMS messages tailored to match the potential victim’s role within the organization, these attackers make their move. The message contains a link that appears to lead to a legitimate bank website, enticing the recipient to open a chat support session.

However, the twist lies in what happens next. Rather than harvesting information directly, the linked page prompts the unwitting employee to download an executable file for the RMM tool. To keep their malicious intent from being detected, the attackers use a genuine, albeit outdated, AnyDesk executable, which security products do not flag as harmful.

Malwarebytes researchers have discovered that these threat actors have registered multiple phishing domains, each posing as different financial institutions. All of these domains follow a similar style, emulating the “Live chat on Windows” format. While it remains unclear whether these domains are operated by a single group or multiple criminal gangs, they are primarily hosted on AS200593, a network known for hosting numerous “traditional” phishing sites.

Interestingly, AnyDesk, the very tool being exploited in these attacks, recently suffered a security breach of its own, compromising its production systems. In response, the vendor has taken measures like revoking code signing certificates and partnering with fraud fighters to shut down call centers associated with these criminal activities.
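The two points above (a genuine but outdated AnyDesk executable downloaded by the employee, and the vendor's revoked code signing certificates) suggest a simple endpoint check. The following is an added example, not code from Malwarebytes or AnyDesk; the event field names, the minimum approved version, the sanctioned directories and the certificate serial placeholders are all assumptions, and the sample events are constructed.

```python
import json
from pathlib import PureWindowsPath

# Assumed policy values (not from the article); adjust to your own inventory.
MIN_APPROVED_VERSION = (8, 0, 0)
REVOKED_CERT_SERIALS = {"<REVOKED-SERIAL-PLACEHOLDER>"}
SANCTIONED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")
RMM_NAMES = {"anydesk.exe"}

# Constructed process-creation events, one JSON object per line (hypothetical schema).
SAMPLE_EVENTS = r"""
{"host":"fin-ws-07","image":"C:\\Users\\alice\\Downloads\\AnyDesk.exe","original_name":"AnyDesk.exe","version":"7.0.4","cert_serial":"<REVOKED-SERIAL-PLACEHOLDER>"}
{"host":"it-adm-01","image":"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe","original_name":"AnyDesk.exe","version":"8.0.6","cert_serial":"<CURRENT-SERIAL-PLACEHOLDER>"}
{"host":"hr-ws-12","image":"C:\\Users\\bob\\AppData\\Local\\Temp\\support_chat.exe","original_name":"AnyDesk.exe","version":"7.0.4","cert_serial":"<CURRENT-SERIAL-PLACEHOLDER>"}
{"host":"dev-ws-03","image":"C:\\Windows\\System32\\notepad.exe","original_name":"NOTEPAD.EXE","version":"10.0.1","cert_serial":"<OTHER-SERIAL-PLACEHOLDER>"}
"""

def parse_version(text):
    """Turn '7.0.4' into (7, 0, 4); a missing or odd version sorts lowest."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (AttributeError, ValueError):
        return (0,)

def assess(event):
    """Return the reasons an RMM execution looks unsanctioned (empty if none)."""
    image = PureWindowsPath(event.get("image", ""))
    # Match on the embedded original name too, so a renamed copy is still seen.
    names = {image.name.lower(), str(event.get("original_name", "")).lower()}
    if not names & RMM_NAMES:
        return []
    reasons = []
    if not str(image).lower().startswith(SANCTIONED_DIRS):
        reasons.append("runs outside sanctioned install directory")
    if parse_version(event.get("version")) < MIN_APPROVED_VERSION:
        reasons.append("version below approved minimum")
    if event.get("cert_serial") in REVOKED_CERT_SERIALS:
        reasons.append("signed with revoked certificate")
    return reasons

def scan(lines):
    """Return (host, reasons) for every suspicious event in the input."""
    events = (json.loads(line) for line in lines.splitlines() if line.strip())
    return [(e["host"], r) for e in events if (r := assess(e))]

if __name__ == "__main__":
    for host, reasons in scan(SAMPLE_EVENTS):
        print(host, "->", "; ".join(reasons))
```

The IT-managed install passes all three checks, while the copy run from a downloads folder and the renamed copy run from a temp directory are both reported.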

As the threat landscape continues to evolve, it is imperative for organizations to educate their employees about these sophisticated phishing techniques and provide them with the necessary tools to identify and report such attacks. Vigilance and awareness remain the key to mitigating the risks associated with these deceptive tactics.

To learn more about this concerning development, visit the Malwarebytes blog and stay up to date with the latest cybersecurity trends.

FAQ Section:

Q: What is the new tactic used in phishing attacks?
A: Phishing attacks disguised as remote monitoring and management (RMM) tools.

Q: How do cybercriminals carry out these attacks?
A: They send personalized emails and SMS messages to potential victims, containing links that appear to lead to legitimate bank websites.

Q: What happens when the recipient clicks on the provided link?
A: Instead of extracting information directly, the recipient is prompted to download an executable file for the RMM tool, which is actually malicious.

Q: How do attackers ensure their intent goes undetected?
A: They use an outdated, genuine executable file for AnyDesk, a legitimate RMM tool, bypassing security products.

Q: Are these phishing domains operated by a single group or multiple criminal gangs?
A: It remains unclear whether they are operated by a single group or multiple gangs.

Q: What measures has AnyDesk taken in response to the security breach?
A: AnyDesk has revoked code signing certificates and partnered with fraud fighters to shut down call centers associated with these criminal activities.

Q: How can organizations mitigate the risks associated with these phishing attacks?
A: Organizations should educate their employees about sophisticated phishing techniques and provide them with tools to identify and report such attacks.

Definitions:

Phishing: A fraudulent practice where cybercriminals trick individuals into revealing sensitive information by posing as trustworthy entities.

Remote monitoring and management (RMM) tools: Software used to monitor and manage computer systems remotely.

AS200593: A network known for hosting numerous “traditional” phishing sites.

AnyDesk: A remote desktop software that allows users to access and control computers from a remote location.
