CISA Alert: Scammers are Now Using Legitimate Remote Access Software to Trick You and Steal Your Money
PLEASE THINK BEFORE YOU CLICK!
Remote access software is common, legitimate, and useful software. Among other things, remote access software allows remote tech support so that legitimate companies (like ours) can help others remotely.
But like most useful tools it can be misused. For instance, a hammer can be used as a bludgeon.
It seems scammers have found yet another way to steal your money using legitimate remote access software (also called “remote monitoring and management (RMM) software”).
Scammers are sending out phishing emails with download links to legitimate remote-access software apps (usually ScreenConnect/ConnectWise Control or AnyDesk). Once the software is installed, scammers can take over your computer, and thus gain access to your banking and credit card accounts.
THINK BEFORE YOU CLICK!
And this serves as a reminder to us to remind you to THINK BEFORE YOU CLICK. Never click links in emails unless you are certain you know who sent them. Clicking links in phishing emails is the number one way people get their passwords and identities stolen. Once a crook has your passwords, logins, and other sensitive personal information, he/she can easily steal your money.
So, please, THINK BEFORE YOU CLICK.
Here is the CISA/NSA Alert.
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) (hereafter referred to as the “authoring organizations”) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders about malicious use of legitimate remote monitoring and management (RMM) software. In October 2022, CISA identified a widespread cyber campaign involving the malicious use of legitimate RMM software. Specifically, cyber criminal actors sent phishing emails that led to the download of legitimate RMM software—ScreenConnect (now ConnectWise Control) and AnyDesk—which the actors used in a refund scam to steal money from victim bank accounts.
Although this campaign appears financially motivated, the authoring organizations assess it could lead to additional types of malicious activity. For example, the actors could sell victim account access to other cyber criminal or advanced persistent threat (APT) actors. This campaign highlights the threat of malicious cyber activity associated with legitimate RMM software: after gaining access to the target network via phishing or other techniques, malicious cyber actors—from cybercriminals to nation-state-sponsored APTs—are known to use legitimate RMM software as a backdoor for persistence and/or command and control (C2).
Using portable executables of RMM software provides a way for actors to establish local user access without the need for administrative privilege and full software installation—effectively bypassing common software controls and risk management assumptions.
The authoring organizations strongly encourage network defenders to review the Indicators of Compromise (IOCs) and Mitigations sections in this CSA and apply the recommendations to protect against malicious use of legitimate RMM software.
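For network defenders, the portable-executable point in the advisory can be turned into a simple check, shown here as an added example that is not part of the CISA advisory or this site's own material: flag RMM clients that ran from somewhere other than an install directory. The record fields, hosts, users and paths are constructed, and matching on the file name is an assumption of the sketch.

```python
from pathlib import PureWindowsPath

# Product names taken from the advisory text; matching on the file name is an
# assumption of this sketch (a renamed binary would need hash or signer checks).
RMM_NAME_HINTS = ("anydesk", "screenconnect")

# Top-level folders that normally need administrative rights to write to,
# i.e. where a full installation would place the client.
INSTALL_ROOTS = ("program files", "program files (x86)")


def is_rmm_binary(image_path):
    """True if the executable's file name contains a known RMM product name."""
    name = PureWindowsPath(image_path).name.lower()
    return name.endswith(".exe") and any(h in name for h in RMM_NAME_HINTS)


def runs_from_install_root(image_path):
    """True if the executable sits under Program Files (a full installation)."""
    parts = PureWindowsPath(image_path).parts
    # parts[0] is the drive anchor ("C:\\"); parts[1] is the top-level folder.
    return len(parts) > 2 and parts[1].lower() in INSTALL_ROOTS


def flag_portable_rmm(events):
    """Return events where an RMM client ran outside an install directory."""
    findings = []
    for ev in events:
        image = ev["image"]
        if is_rmm_binary(image) and not runs_from_install_root(image):
            findings.append(ev)
    return findings


# Constructed process-creation records (hypothetical hosts, users and paths).
SAMPLE_EVENTS = [
    {"host": "ws-01", "user": "pat", "image": r"C:\Users\pat\Downloads\AnyDesk.exe"},
    {"host": "ws-02", "user": "sam", "image": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"},
    {"host": "ws-03", "user": "lee", "image": r"C:\Users\lee\AppData\Local\Temp\ScreenConnect.WindowsClient.exe"},
    {"host": "ws-04", "user": "kim", "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for ev in flag_portable_rmm(SAMPLE_EVENTS):
        print(f"{ev['host']}: {ev['user']} ran {ev['image']}")
```

A copy running from Program Files is not flagged here, so installed RMM clients still need to be compared against the tools your organization has actually approved.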
Even with remote access, they can’t get into bank accounts, med records, etc. if you use a good password manager and strong passwords, can they?
Well, they can, in a roundabout way. If you give them remote access to your computer, they can install keystroke logging software and have you access your password manager. And voilà, they have a record of what you type to enter your password managing app. The short of it: if you did not initiate anything related to the email before, don’t open it, don’t go there. PERIOD.
Thank you Richard, I didn’t think about other things they could install. But maybe others were wondering about the same thing, though, so worth mentioning here. You’re absolutely right, of course. Clicking on email links is something I’ve always been extremely cautious with for years. TC and Darcy have screamed it from the mountain top zillions of times.
It seems a bit ironic that after a paragraph of warning readers not to click on links – THINK BEFORE YOU CLICK – you put in a CLICK to read the rest of the article!
Herman, the link I clicked on isn’t in an email, and I trust this particular website not to hide anything nefarious.
Question: We have family and friends that send the occasional email with funny cartoons and/or videos from YouTube. How can we know if, unknown to them, these can also be infiltrated by scammers to access our computer?
I’ve tried 3 X to uninstall Bing to no avail. Is there a “better way” than the ones I’ve tried, which are most obvious? Thank you for all of your HELP, for sure & for many, many years. You’re so very much appreciated.
Joann
Bing is a search engine like Google, DuckDuckGo, Yahoo, etc. You don’t uninstall it, you just switch to a different search engine in your browser. If you let me know what browser (Edge, Firefox, Chrome, etc.) you’re using, I can show you how to switch to a different search engine.