Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware

May 16, 2024 at 07:34PM

A cybercrime gang is leveraging Microsoft Quick Assist in social engineering attacks to deploy Black Basta ransomware. Microsoft is investigating and advises users to be cautious of tech support scams. Organizations are recommended to block or uninstall unused remote management tools to reduce risk. Microsoft has provided threat indicators and hunting queries for potential malicious activity. Storm-1811 exploits Quick Assist to gain access, leading to remote control and deployment of ransomware.

Key takeaways:

1. A cybercrime gang, identified as Storm-1811, has been exploiting Microsoft’s Quick Assist application in social engineering attacks to deploy Black Basta ransomware on victims’ devices.
2. The attacks involve impersonating IT support through voice phishing, convincing users to grant access via Quick Assist, and then deploying malicious payloads and remote monitoring and management software.
3. Microsoft is actively investigating these attacks and has recommended measures for organizations to mitigate the risk, including blocking or uninstalling Quick Assist if not in use, and utilizing threat-hunting queries to identify malicious activity on networks.
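
The hunting idea in takeaway 3, as an added example (this is not one of Microsoft's published queries and is not from the article): flag download, install or remote-management processes that start on a host shortly after Quick Assist is launched. The event format, the 30-minute window, the watchlist and the `unapproved-rmm.exe` name are assumptions; the sample events are constructed.

```python
from datetime import datetime, timedelta

QUICK_ASSIST = "quickassist.exe"
# Assumed watchlist: built-in tools that can fetch or install software, plus a
# placeholder for any remote-management agent not approved in your environment.
WATCHLIST = {"curl.exe", "msiexec.exe", "powershell.exe", "unapproved-rmm.exe"}


def hunt(events, window=timedelta(minutes=30), watchlist=WATCHLIST):
    """Return (host, process, minutes_after_quick_assist) for every watchlisted
    process started on a host within `window` after a Quick Assist launch."""
    hits = []
    last_qa = {}  # host -> time of the most recent Quick Assist launch
    for ev in sorted(events, key=lambda e: e["time"]):
        name = ev["image"].rsplit("\\", 1)[-1].lower()  # basename of the image path
        host = ev["host"]
        if name == QUICK_ASSIST:
            last_qa[host] = ev["time"]
        elif name in watchlist and host in last_qa:
            delta = ev["time"] - last_qa[host]
            if delta <= window:
                hits.append((host, name, int(delta.total_seconds() // 60)))
    return hits


def _t(stamp):
    return datetime.fromisoformat(stamp)


# Constructed process-creation events (for example, exported from an EDR tool).
SAMPLE = [
    # curl before any Quick Assist session on the host: ignored
    {"host": "WS-014", "time": _t("2024-05-16T09:02:00"), "image": r"C:\Windows\System32\curl.exe"},
    {"host": "WS-014", "time": _t("2024-05-16T09:10:00"), "image": r"C:\Windows\System32\QuickAssist.exe"},
    {"host": "WS-014", "time": _t("2024-05-16T09:14:00"), "image": r"C:\Windows\System32\curl.exe"},
    {"host": "WS-014", "time": _t("2024-05-16T09:21:00"), "image": r"C:\Users\Public\unapproved-rmm.exe"},
    # outside the 30-minute window: ignored
    {"host": "WS-014", "time": _t("2024-05-16T11:00:00"), "image": r"C:\Windows\System32\msiexec.exe"},
    # no Quick Assist launch on this host: ignored
    {"host": "WS-200", "time": _t("2024-05-16T09:15:00"), "image": r"C:\Windows\System32\powershell.exe"},
]

if __name__ == "__main__":
    for host, proc, minutes in hunt(SAMPLE):
        print(f"{host}: {proc} started {minutes} min after Quick Assist")
```

Hits are leads for triage rather than verdicts, since legitimate help-desk sessions also launch installers; hosts where Quick Assist has been blocked or uninstalled should produce no Quick Assist events at all.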