- Campaign targeted more than 900 companies with sophisticated phishing lures
- The goal was to deploy a remote monitoring and management tool
- Hackers change goals and priorities and businesses need to adapt
More than 900 organizations have been targeted by a very convincing phishing attack that tried to deploy a legitimate remote monitoring and management (RMM) solution and gain access to target endpoints without raising alarms.
A new report by security researchers at Abnormal claimed that the criminals use compromised email accounts and conversation threads and AI-generated phishing sites, and abuse legitimate file-sharing and video conferencing platforms to impersonate Zoom and Microsoft Teams with authentic-looking emails.
The goal was to get the victims to install ConnectWise ScreenConnect, a legitimate IT tool that was repurposed for full remote access. Instead of stealing passwords, the attackers lure victims into giving them administrator-level control over business systems. Once inside, they launch account takeovers, lateral phishing campaigns and data theft while blending in with normal IT activity.
Targeting education and religious groups
Among the 900 companies attacked so far, the researchers found that the majority were in education and religious groups (14.4%), healthcare and pharma (9.7%) and financial services (9.4%), with other industries such as insurance, legal, retail, manufacturing and tech also heavily targeted. Most victims are in the US, UK, Canada and Australia.
The attacks are supported by a dark web marketplace selling ScreenConnect "attack kits" for a few thousand dollars, along with network access, resold for $500-$2,000.
Some suppliers even offer $6,000 custom packages of training and support, which effectively turns the abuse of ScreenConnect into a RAT-as-a-Service business model.
This campaign highlights a dangerous shift, Abnormal believes. Instead of breaking into systems, threat actors are now weaponizing trusted workplace tools to sidestep defenses.
Therefore, companies should adopt AI-driven email security, endpoint monitoring, zero trust and better personnel awareness training to address these increasingly sophisticated threats.



