Ransomware attackers pose under support for the support network at 3 a.m.
Cyber criminals are becoming smarter. Not by developing new malware or exploiting zero-day vulnerabilities, but by pretending to be useful IT support for desk workers.
Attackers involving a 3 a.m. ransomware team have combined a variety of different technologies to trick targeted employees into helping them break into the network.
It’s like this.
First, employees of a company found that their inbox bombed unsolicited emails in a short time, which was actually impossible to work effectively.
Meanwhile, the attacker is calling employees pretending to be from the organization’s legitimate IT support department. Scammered phone numbers help with call credibility.
The employee then answered the call. They find themselves talking to people who sound professional to help solve their email problems.
Spoofing IT Support Desk Staff is actually a malicious hacker who cheats on their target victims Quick Assistance – a tool pre-installed on Windows systems – and grants remote access so that the problem can be “solved”.
Once connected, the attacker is free to deploy its malicious payload on the employee’s PC.
As security firm Sophos explains, virtual machines are deployed on trade-off machines to try to evade detection from security software, while attackers roll out a series of commands to create new user accounts and gain administrator privileges.
Sophos said it has seen cybercriminals attempt to penetrate hundreds of gigabytes of data from the attack.
The only reason for such a job attack is because workers are deceived by criminals who are social engineering masters, obey their orders (in which case, allowing attackers to quickly assist remote contact via Microsoft)
All organizations must work hard to train their employees to better defend the various attacks that can be carried out against them, including social engineering skills. Many employees may misunderstand that hackers can only operate over the Internet and can trust real-life phone calls.
Unfortunately, the phone cannot be trusted automatically.
Additionally, it is wise for IT teams to look for abnormal activity (such as falling off a lot of data) throughout the network and consider using tools like Microsoft Quick Assiss unless Microsoft Quick Assis is indeed required.
As social engineering attacks become more complex, companies must prepare for the next major violation, which may not start with a virus or phishing email, but with a very convincing call.
Editor’s note: The opinions expressed in this article and other guest authors’ articles are only the opinions of the contributor and do not necessarily reflect Ford’s opinions.
