Buscar
  • juanjomartinez56

Another attack using the software for remote assistance raises concern.

UAE and Kuwait government agencies have been attacked by the Iranian Muddy Water, using a remote management tool, Screen Connect. ūüĖ•


Ravie Lakshmanan describes in The Hacker News the process the attackers follow. ūü§ď


They start by a phishing email, masquerade to come from the Kuwait Ministry of Foreign Affairs, and take the victims to a legitimate file storage site to download content related to foreign relations and other matters. ūüď¨


The content comes on a .zip file, which also contains the executable of Screen Connect, a legitimate remote control software not detected by the AntiVirus. ūüóā


A few days ago, another remote management tool, Teamviewer, was used by a cybercriminal to get access to the controls of a Water Supply Plant in Florida and raise the levels of Sodium Hydroxide. ūüí£


In both cases, the exploitation of legitimate software, typically used for remote support purposes, has been used as a vector of attack. This raises concern as software for remote assistance is installed in most computers.

ūüď≤


Have you checked the existence of remote control software in your organization? ūü§Ē


Do you have mechanisms and alerts to control the execution of this software? ‚ö†ÔłŹ


Links:

Ravie Lakshmanan's article: https://www.linkedin.com/posts/juanjomartinezpagan_otsecurity-cybersecurity-authentication-activity-6764825782876442624-jtbe

LinkedIn post and comments: https://www.linkedin.com/posts/juanjomartinezpagan_cybersecurity-informationsecurity-cyberattacks-activity-6767371486379433984-9tXO

0 vistas0 comentarios

Entradas Recientes

Ver todo