WASHINGTON—Credit unions and other companies are being warned about fraudsters maliciously using legitimate remote monitoring and management (RMM) software, the usage of which has grown as more people work from home.
The warning was made in a joint statement from the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) as part of a joint Cybersecurity Advisory (CSA).
In October 2022, CISA noted it identified a widespread cyber campaign involving the malicious use of legitimate RMM software. Specifically, cyber criminal actors sent phishing emails that led to the download of legitimate RMM software—ScreenConnect (now ConnectWise Control) and AnyDesk—which the actors used in a refund scam to steal money from victim bank accounts, the organizations said.
‘Malicious Activity’
“Although this campaign appears financially motivated, the authoring organizations assess it could lead to additional types of malicious activity,” the statement reads. “For example, the actors could sell victim account access to other cyber criminal or advanced persistent threat (APT) actors. This campaign highlights the threat of malicious cyber activity associated with legitimate RMM software: after gaining access to the target network via phishing or other techniques, malicious cyber actors—from cybercriminals to nation-state sponsored APTs—are known to use legitimate RMM software as a backdoor for persistence and/or command and control (C2).”
According to the warning, the use of portable executables of RMM software provides a way for actors to establish local user access without the need for administrative privilege and full software installation—effectively bypassing common software controls and risk management assumptions.
Recommendation Made
“The authoring organizations strongly encourage network defenders to review the Indicators of Compromise (IOCs) and Mitigations sections in this CSA and apply the recommendations to protect against malicious use of legitimate RMM software,” the group stated.
