CorpInfoTech Protects Against Malicious RMM Software

Written by Waits Sharpe | Feb 9, 2023 5:15:59 PM

The Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory with the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the National Security Agency (NSA) to alert organizations about the use of legitimate remote monitoring and management (RMM) software in malicious attacks on networks. CISA identified a large-scale cyber campaign in which bad actors sent out phishing emails containing downloads for legitimate RMM software, including ConnectWise and AnyDesk. They then used these applications to carry out a refund scam to steal money from victims.

CISA has tracked a number of phishing emails sent since June 2022 to various government emails containing help desk-themed language and links to an outside source for users to click on. This link either asks the victim to call the cyber criminals or visit a malicious domain they've set up. This domain, once visited, is primed to download an executable that gives these cyber criminals access to install RMM software. From here they are able to establish command and control over a host and wreak havoc on the network.

How CorpInfoTech Reacted For Their Clients

CorpInfoTech works with clients who use ConnectWise and AnyDesk; however, we were able to respond to the situation in a timely manner with tangible results. Not only did CorpInfoTech already have controls implemented to safeguard our clients from these types of attacks, but we were able to respond within 30 minutes of the CISA alert being made public. We didn't just stop at mitigating the immediate issue. We implemented protective controls broadly across our client base for this attack as well as other similar ones.

Our managed service offering doesn't just react to the latest breaches or security exploits. We take a proactive approach to security that finds an organization's vulnerabilities before the bad guys do. Some of the malicious domains contained in the CISA alert had already been classified as malicious by our own threat intelligence network for over 60 days. This ensures that our clients are secure before the bad actors even try to breach them.

If your organization is looking for a qualified MSP to protect it from external threats, look no further than CorpInfoTech. Through our holistic and proactive approach to security, we can provide enterprise-level security to small and medium-sized businesses.

CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.