Another attack using the software for remote assistance raises concern.
UAE and Kuwait government agencies have been attacked by the Iranian Muddy Water, using a remote management tool, Screen Connect. 🖥
Ravie Lakshmanan describes in The Hacker News the process the attackers follow. 🤓
They start by a phishing email, masquerade to come from the Kuwait Ministry of Foreign Affairs, and take the victims to a legitimate file storage site to download content related to foreign relations and other matters. 📬
The content comes on a .zip file, which also contains the executable of Screen Connect, a legitimate remote control software not detected by the AntiVirus. 🗂
A few days ago, another remote management tool, Teamviewer, was used by a cybercriminal to get access to the controls of a Water Supply Plant in Florida and raise the levels of Sodium Hydroxide. 💣
In both cases, the exploitation of legitimate software, typically used for remote support purposes, has been used as a vector of attack. This raises concern as software for remote assistance is installed in most computers.
Have you checked the existence of remote control software in your organization? 🤔
Do you have mechanisms and alerts to control the execution of this software? ⚠️