• juanjomartinez56

Another attack using the software for remote assistance raises concern.

UAE and Kuwait government agencies have been attacked by the Iranian Muddy Water, using a remote management tool, Screen Connect. ūüĖ•

Ravie Lakshmanan describes in The Hacker News the process the attackers follow. ūü§ď

They start by a phishing email, masquerade to come from the Kuwait Ministry of Foreign Affairs, and take the victims to a legitimate file storage site to download content related to foreign relations and other matters. ūüď¨

The content comes on a .zip file, which also contains the executable of Screen Connect, a legitimate remote control software not detected by the AntiVirus. ūüóā

A few days ago, another remote management tool, Teamviewer, was used by a cybercriminal to get access to the controls of a Water Supply Plant in Florida and raise the levels of Sodium Hydroxide. ūüí£

In both cases, the exploitation of legitimate software, typically used for remote support purposes, has been used as a vector of attack. This raises concern as software for remote assistance is installed in most computers.


Have you checked the existence of remote control software in your organization? ūü§Ē

Do you have mechanisms and alerts to control the execution of this software? ‚ö†ÔłŹ


Ravie Lakshmanan's article: https://www.linkedin.com/posts/juanjomartinezpagan_otsecurity-cybersecurity-authentication-activity-6764825782876442624-jtbe

LinkedIn post and comments: https://www.linkedin.com/posts/juanjomartinezpagan_cybersecurity-informationsecurity-cyberattacks-activity-6767371486379433984-9tXO

0 vistas0 comentarios

Entradas Recientes

Ver todo