How a vishing attack spoofed Microsoft to try to gain remote access – TechRepublic

npressfetimg-6920.png

A voice phishing campaign spotted by Armorblox tried to convince people to give the attackers access to their computer.

Image: Tero Vesalainen, Getty Images/iStockphoto

A standard phishing attack typically involves sending people an email or text message spoofing a known company, brand or product in an attempt to install malware or steal sensitive information. But a variation called vishing (voice phishing) adds another element, in which the cybercriminals speak with their victims directly by phone or leave fraudulent voice messages. A blog post published Thursday by security firm Armorblox describes a scam in which attackers tried to impersonate Microsoft Defender to coax potential victims to grant them remote access.

SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)  

More about Security

This particular campaign started with phony order receipts for a Microsoft Defender subscription sent via two different emails. Each of the two messages included a phone number to call for any issues related to order returns. Calling one of the numbers triggered the vishing attack in which the criminal instructed the victim to install a program to give them remote access to the person’s computer.

Sent from a Gmail account, the initial emails used a sender name of “Microsoft Online Store” and a subject line of “Order Confirmation No” followed by a long invoice number. The emails borrowed the look and layout of actual emails from Microsoft and even included information on a subscription for Microsoft Defender Advanced Protection that supposedly was ordered by the recipient.

The emails asked the person to contact customer care representatives for more information about the order, including toll-free numbers to call. Since the order was fake, anyone receiving a message like this would naturally be concerned about getting charged for an item they never purchased.

Researchers from Armorblox called both numbers listed in the two emails. One number just rang with no one ever picking up. But the other number was answered by a real person who called himself Sam. Requesting the invoice number listed in the email, “Sam” said that the only way to get a refund was by filling out an information form. To assist the user in this process, Sam suggested installing AnyDesk, a program that provides access to remote PCs.

After the Armorblox folks asked one too many questions, Sam seemed to get suspicious and ended the call. But the intent was clear. The attackers wanted to get victims to install AnyDesk, through which they could then remotely access the person’s PC through Microsoft’s Remote Desktop Protocol. The goal may have been to install malware or ransomware, steal login credentials or grab confidential information.

An attack like this uses several tactics to appear convincing and bypass standard security protection. The emails tried to convey a sense of trust, as it appears to come from Microsoft. They aimed to create a sense of urgency by claiming that the recipient ordered a subscription for something that they obviously didn’t order. The emails didn’t include any links or clearly malicious content that might otherwise prevent it from getting through to someone’s inbox. Further, the emails came from a legitimate Gmail account, allowing them to pass any authentication checks.

To help protect yourself and your organization from these types of vishing scams, Armorblox offers several helpful tips:

  1. Supplement your native email security. The initial emails described by Armorblox snuck past the Google Workspace email security. For better protection, enhance your built-in email security with additional layers that use more advanced techniques. Gartner’s Market Guide for Email Security discusses new methods that vendors introduced in 2020.
  2. Look out for social engineering cues. With email overload, it’s easy to be fooled by a malicious email that appears legitimate at first glance. Instead, you need to engage with such emails in a methodical way. Inspect the sender’s name, email address and the language used within the email. Check for any inconsistencies in the message leading you to ask yourself such questions as: “Why is a Microsoft email being sent from a Gmail account?” and “Why are there no links in the email, even in the footer?”
  3. Resist sharing sensitive information over the phone. Be wary of any unsolicited caller who asks for sensitive information or tells you to download something over the phone. If you feel the phone call is a scam, simply hang up. If the person provides a call-back number, don’t call it. Instead, search the company’s website for a customer service number and call that one.
  4. Follow password best practices. To protect your online accounts, don’t reuse your passwords, avoid passwords that tie into your date of birth or other personal events, don’t use generic passwords and rely on a password manager to create and maintain complex passwords. Further, set up multi-factor authentication (MFA) on your business and personal accounts wherever possible.

Source: https://www.techrepublic.com/article/how-a-vishing-attack-spoofed-microsoft-to-try-to-gain-remote-access/

Remote access

npressfetimg-1249.png
Remote access

Remote Access to Government and Courts is Needlessly Eroding – GlobeNewswire

TORRANCE, Calif., Jan. 31, 2023 (GLOBE NEWSWIRE) — Tragically, it is now almost a daily occurrence for courts and government bodies of all sizes across the nation to eliminate or restrict remote public access and partic…….

Read More
npressfetimg-1176.png
Remote access

New Python malware backdoors VMware ESXi servers for remote access – BleepingComputer

A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system.

VMware ESXi is a virtualization platform commonly used in the enterprise to host numerous servers on one device while using CPU and memory resources more effectively.

The new backdoor was discovered by Juniper Ne…….

Read More
npressfetimg-1103.png
Remote access

Industrial Remote Access Market Size 2023 Global Development … – Digital Journal

PRESS RELEASE

Published January 24, 2023

[Newest Report with 102 Pages] : Industrial Remote Access Market Outlook report covers segment by Applications (Machine Manufacturer, Line Manufacturer, System Integrator), By Types (Industrial VPN Router, Software System) and offers extensive forecasts from 2023-2029.

[No. of Pages 102] | Pre and Post Covid is Covered and Report is Av…….

Read More
Powered by WordPress | WP Magazine by WP Mag Plus