{"id":24896,"date":"2023-01-29T09:06:29","date_gmt":"2023-01-29T14:06:29","guid":{"rendered":"https:\/\/www.thundercloud.net\/infoave\/new\/?p=24896"},"modified":"2023-01-29T09:06:29","modified_gmt":"2023-01-29T14:06:29","slug":"cisa-alert-scammers-are-now-using-legitimate-remote-access-software-to-trick-you-and-steal-your-money","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/cisa-alert-scammers-are-now-using-legitimate-remote-access-software-to-trick-you-and-steal-your-money\/","title":{"rendered":"CISA Alert: Scammers are Now Using Legitimate Remote Access Software to Trick You and Steal Your Money"},"content":{"rendered":"<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong><span style=\"font-family: helvetica, arial, sans-serif; font-size: 24pt;\">CISA Alert: Scammers are Now Using Legitimate Remote Access Software to Trick You and Steal Your Money<\/span><\/strong><\/p>\n<p><span style=\"color: #999999;\"><strong><span style=\"font-size: 18pt; font-family: helvetica, arial, sans-serif;\">PLEASE THINK BEFORE YOU CLICK!<\/span><\/strong><\/span><\/p>\n<p><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">Remote access software is common, legitimate, and useful software. Among other things, remote access software allows remote tech support so that legitimate companies (like ours) can help others remotely.\u00a0 <\/span><\/p>\n<p><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">But like most useful tools, it can be misused. For instance, a hammer can be used as a bludgeon.<\/span><\/p>\n<p><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">It seems scammers have found yet another way to steal your money using legitimate remote access software (also called &#8220;remote monitoring and management&#8221; (RMM) software). 
<\/span><\/p>\n<p><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">Scammers are sending out phishing emails with download links to legitimate remote-access software apps (usually ScreenConnect\/ConnectWise Control or AnyDesk). Once the software is installed, scammers can take over your computer, and thus gain access to your banking and credit card accounts.<\/span><\/p>\n<p><span style=\"font-size: 18pt;\"><strong><span style=\"font-family: helvetica, arial, sans-serif;\">THINK BEFORE YOU CLICK!<\/span><\/strong><\/span><\/p>\n<p><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">And this serves as a reminder to us to remind you to THINK BEFORE YOU CLICK. Never click links in emails unless you are certain you know who sent them. Clicking links in phishing emails is the number one way people get their passwords and identities stolen. Once a crook has your passwords, logins, and other sensitive personal information, he\/she can easily steal your money.<\/span><\/p>\n<p><strong><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">So, please, THINK BEFORE YOU CLICK<\/span><\/strong><\/p>\n<p><strong><span style=\"font-size: 18pt; font-family: helvetica, arial, sans-serif;\">Here is the <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa23-025a\">CISA\/NSA Alert.<\/a><\/span><\/strong><\/p>\n<blockquote><p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) (hereafter referred to as the \u201cauthoring organizations\u201d) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders about malicious use of legitimate remote monitoring and management (RMM) software. 
In October 2022, CISA identified a widespread cyber campaign involving the malicious use of legitimate RMM software. Specifically, cyber criminal actors sent phishing emails that led to the download of legitimate RMM software\u2014ScreenConnect (now ConnectWise Control) and AnyDesk\u2014which the actors used in a refund scam to steal money from victim bank accounts.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">Although this campaign appears financially motivated, the authoring organizations assess it could lead to additional types of malicious activity. For example, the actors could sell victim account access to other cyber criminal or advanced persistent threat (APT) actors. This campaign highlights the threat of malicious cyber activity associated with legitimate RMM software: after gaining access to the target network via phishing or other techniques, malicious cyber actors\u2014from cybercriminals to nation-state-sponsored APTs\u2014are known to use legitimate RMM software as a backdoor for persistence and\/or command and control (C2).<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">Using portable executables of RMM software provides a way for actors to establish local user access without the need for administrative privilege and full software installation\u2014effectively bypassing common software controls and risk management assumptions.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">The authoring organizations strongly encourage network defenders to review the Indicators of Compromise (IOCs) and Mitigations sections in this CSA and apply the recommendations to protect against malicious use of legitimate RMM software.<\/span><\/p><\/blockquote>\n<p><span style=\"text-decoration: underline; font-family: helvetica, arial, sans-serif; font-size: 14pt;\"><a 
href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa23-025a\">Source:\u00a0 CISA website.<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; &nbsp; CISA Alert: Scammers are Now Using Legitimate Remote Access Software to Trick You and Steal Your Money PLEASE THINK BEFORE YOU CLICK! Remote access software is common, legitimate, and useful software. Among other things, remote access software allows remote tech support so that legitimate companies (like ours) can help others remotely.\u00a0 But like most useful tools\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.thundercloud.net\/infoave\/new\/cisa-alert-scammers-are-now-using-legitimate-remote-access-software-to-trick-you-and-steal-your-money\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":13950,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1680,4422,779],"tags":[4429],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/24896"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=24896"}],"version-history":[{"count":3,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/24896\/revisions"}],"predecessor-version":[{"id":24907,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/24896\/revisions\/24907"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media\/13950"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/w
p\/v2\/media?parent=24896"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=24896"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=24896"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}