At a glance.
- Joint advisory warns of remote monitoring and management software abuse.
- DRAGONBRIDGE spam network disrupted.
- Iranian threat actors reported active against a range of targets.
- UK's NCSC warns of increased risk of Russian and Iranian social engineering attacks.
- A look at trends, as seen by CIOs.
Joint advisory warns of remote monitoring and management software abuse.
The US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint advisory outlining the abuse of legitimate remote monitoring and management (RMM) software. The advisory describes a large, financially motivated phishing campaign that managed to compromise “many” Federal civilian executive branch (FCEB) networks.
The advisory states, “In this campaign, after downloading the RMM software, the actors used the software to initiate a refund scam. They first connected to the recipient’s system and enticed the recipient to log into their bank account while remaining connected to the system. The actors then used their access through the RMM software to modify the recipient’s bank account summary. The falsely modified bank account summary showed the recipient was mistakenly refunded an excess amount of money. The actors then instructed the recipient to ‘refund’ this excess amount to the scam operator.”
The agencies note that while this campaign was financially motivated, “the access could lead to additional malicious activity against the recipient’s organization—from both other cybercriminals and APT actors.”