Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Third-Party Breach and Missing MFA Contributed to British Library Cyber-Attack
March 11, 2024
The British Library ransomware attack was likely caused by the compromise of third-party credentials coupled with no multifactor authentication (MFA) in place to stop the attackers, despite previous warnings about these risks. This is according to a British Library report that sheds new light on the October 2023 attack, which shut down digital services and breached ...
- CISA confirms it was breached by attackers using Ivanti flaws
March 11, 2024
One of the organizations compromised through a recently-discovered flaw in Ivanti products was, ironically enough, the US government’s Cybersecurity and Infrastructure Security Agency (CISA). Confirmation of the breach came from CISA itself, as well as from an anonymous source “with knowledge of the situation”, with a CISA spokesperson telling The Record the organization “identified activity indicating ...
- Duvel forced to shut breweries after cyber attack
March 9, 2024
Belgian brewer Duvel has insisted it will have enough beer to keep supply flowing after it was hit by a cyber attack that brought production to a standstill. The company, one of the best-known Belgian beer brands, was hit by a suspected ransomware attack on Tuesday night that shut down five of its production facilities, four ...
- FBI Report Reveals Americans Lost Staggering $3.94 Billion to Crypto Investment Scams in 2023
March 9, 2024
The surge in cryptocurrency scams in 2023, as reported by the FBI, underscores the growing prevalence of digital currency in online crime. With losses reaching $3.94 billion, a 53% increase from the previous year, these scams represent a significant portion of overall investment frauds, which amounted to $4.57 billion. Cryptocurrency scams encompass a range of deceptive ...
- Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities
March 8, 2024
On January 10, 2024, Ivanti published a security advisory regarding two vulnerabilities in Ivanti Connect Secure VPN. These vulnerabilities, which were exploited in the wild, are identified as CVE-2023-46805 and CVE-2023-21887. The exploitation of these vulnerabilities was quickly adopted by a number of threat actors, resulting in a broad range of malicious activities. Check Point Research ...
- Patch now! VMWare escape flaws are so serious even end-of-life software gets a fix
March 8, 2024
VMWare has issued secuity fixes for its VMware ESXi, Workstation, Fusion, and Cloud Foundation products. It has even taken the unusual step of issuing updates for versions of the affected software that have reached thier end-of-life, meaning they would normally no longer be supported. This flaws affect customers who have deployed VMware Workstation, VMware Fusion, and/or ...

