The U.S. government’s cybersecurity agency has warned that criminals could use legitimate remote desktop software to compromise federal agencies, because such software presents a low barrier to entry. The thief, or the criminal organization they represent, could use compromised computers to gain access to sensitive information or steal money from unsuspecting victims.
The cyber campaign is suspected to have started in late 2016 and continued through at least this past February. CISA, the NSA, and DHS are all working together to track down the hackers and stop them from continuing their activities.
CISA said the suspected malicious activity on FCEB systems was the result of a coordinated effort by Chinese intelligence agencies to gain access to sensitive government data.
CCP Games has announced that its upcoming massively multiplayer online role-playing game (MMORPG) EVE Online will become free to play this December. EVE Online, which is estimated to be worth around $314 million, has been the subject of a financially motivated phishing campaign first uncovered by threat intelligence firm Silent Push.
The malware used in this campaign was possibly designed to gather sensitive information, including login credentials for those employed by the federal government. While it is not clear how much data the attackers managed to steal, their goal seems to have been financial rather than intellectual. While these kinds of attacks are common enough that many taxpayers are likely aware of them, they can still be costly for organizations whose employees fall victim.
In recent months, cybercriminals have been successfully using phishing emails to steal money from unwitting victims. The latest example is a scam that uses legitimate remote access tools, such as ScreenConnect and AnyDesk. These tools give administrators near-instant access to an employee’s computer with minimal interaction from the user, but cybercriminals have abused them to launch convincing-looking scams. In this particular case, the hackers installed malware on the computers of unsuspecting victims in order to steal their bank account information and funds.
The cybercriminals were able to trick the employee into refunding an excess amount of money to their bank account, which helped them steal more money from the victim’s account.
The implications of the CISA report are alarming. It is not yet clear precisely how the attackers exploit remote access software to gain access to government networks, but they could also use it as a backdoor to maintain persistent access. This would allow other attacks to be carried out against the target organization, such as those by cybercriminals and APT actors.