Criminals are using this top remote access tool to hijack your company networks

Yet another legitimate enterprise software platform is being abused by various cybercriminals to deploy malware and ransomware to unsuspec...

Yet another legitimate enterprise software platform is being abused by various cybercriminals to deploy malware and ransomware to unsuspecting victims. Cybersecurity researchers from The DFIR Report have observed multiple threat actors using Action1 RMM, an otherwise benign remote desktop monitoring and management solution. 

Just as any othe remote management tool out there, Action1 is used by managed service providers (MSPs) and other IT teams to manage endpoints in a network from a remote location. They can use it to handle software patches, software installation, troubleshooting, and similar. 

A BleepingComputer report hints that the criminals are targeting this software in particular, due to the abundance of features it offers in its free version. Namely, up to 100 endpoints can be serviced on the free plan - the only restriction for the free version, which could make it an interesting tool for criminals.

Conti rears its ugly head

Multiple unidentified teams were spotted using Action1 in their campaigns, but one stands out in particular - Monti. This group was first spotted last summer by cybersecurity researchers from the BlackBerry Incident Response Team, and it was later uncovered that Monti shares a lot of traits with the infamous Conti syndicate. 

Conti’s attacks were usually carried out through AnyDesk, or Atera, rather than Action1. The attackers were also observed using ManageEngine Desktop Central from Zoho.

In any scenario, the attackers would use remote monitoring and management tools to install all kinds of malware on victim endpoints, and in some cases - even ransomware. 

Sometimes, the attackers would send an email, impersonating a major brand, and demanding the victim urgently gets in touch in order to stop a large transaction or receives a huge refund. After getting in touch with the victim, they would demand they install RMM software and then use it to compromise the target systems.

The company is aware that its software is being abused for nefarious purposes and is trying to help, although there’s not much it can really do: “Last year we rolled-out a threat actor filtering system that scans user activity for suspicious patterns of behavior, automatically suspends potentially malicious accounts, and alerts Action1’s dedicated security team to investigate the issue,” Mike Walters, VP of Vulnerability and Threat Research and co-founder of Action1 Corporation, told BleepingComputer.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/rRXANfP
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,188,Video,5,XIAOMI,13,YouTube - 9to5Google,187,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Criminals are using this top remote access tool to hijack your company networks
Criminals are using this top remote access tool to hijack your company networks
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2023/04/criminals-are-using-this-top-remote.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2023/04/criminals-are-using-this-top-remote.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy