Microsoft Quick Assist Tool Abused for Ransomware Delivery

May 17, 2024 at 07:48AM

Cybercriminals using the Black Basta ransomware have abused the Quick Assist remote management tool in vishing attacks. Active since 2022, Black Basta has targeted over 500 organizations worldwide and collected over $100 million in ransom payments. Microsoft warns of these attacks on critical infrastructure and is incorporating alerts to combat tech support scams.

Key takeaways:

– Cybercriminals using the Black Basta ransomware have been leveraging the Quick Assist remote management tool in vishing (voice phishing) attacks, as reported by Microsoft.

– Black Basta, a ransomware-as-a-service (RaaS), has been active since 2022 and is believed to have targeted over 500 organizations globally, accumulating over $100 million in ransom payments from victims.

– The US government recently issued a warning about Black Basta affiliates targeting critical infrastructure organizations in North America, Europe, and Australia, including healthcare entities, through social engineering and the exploitation of known vulnerabilities.

– Starting from mid-April 2024, the Black Basta threat actors have been observed conducting vishing attacks wherein they impersonate IT or help desk personnel to persuade victims to install legitimate remote monitoring and management tools, subsequently abusing them for malware deployment.

– Microsoft has observed the threat actors installing tools such as ScreenConnect and NetSupport Manager, followed by the deployment of Qakbot, Cobalt Strike, and Black Basta ransomware.

– The attacks often start with the threat actors flooding victims’ inboxes by signing them up to multiple email subscription services, followed by phone calls in which they impersonate IT support to gain access to the victim’s device through Quick Assist.

– Once Quick Assist screen sharing is enabled, the attackers request full control over the device and then deploy malicious payloads, including fake spam filters that request the victim’s credentials and malware such as Qakbot and Cobalt Strike.

– Microsoft plans to address the abuse of Quick Assist in malicious attacks by incorporating alerts to warn users about potential tech support scams.
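
A detection sketch for the sequence described above (a Quick Assist session followed shortly by a newly started remote management tool on the same host), added here as an example and not taken from Microsoft's report. The process image names, the 30-minute window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed process image names (not given on the page); adjust to your telemetry.
QUICK_ASSIST = "quickassist.exe"
RMM_IMAGES = {
    "screenconnect.clientservice.exe": "ScreenConnect",
    "client32.exe": "NetSupport Manager",
}
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed sample process-creation events: (ISO timestamp, host, image)
SAMPLE_EVENTS = [
    ("2024-05-01T09:02:11", "WS-014", "outlook.exe"),
    ("2024-05-01T09:15:40", "WS-014", "QuickAssist.exe"),
    ("2024-05-01T09:21:05", "WS-014", "ScreenConnect.ClientService.exe"),
    ("2024-05-01T10:00:00", "WS-022", "QuickAssist.exe"),  # session with no RMM follow-up
    ("2024-05-01T11:30:00", "WS-031", "client32.exe"),     # RMM with no Quick Assist session
    ("2024-05-01T13:00:00", "WS-040", "QuickAssist.exe"),
    ("2024-05-01T14:10:00", "WS-040", "client32.exe"),     # RMM start outside the window
]

def find_chains(events, window=WINDOW):
    """Alert when an RMM tool starts within `window` after Quick Assist on the same host."""
    last_qa = {}  # host -> time of the most recent Quick Assist start
    alerts = []
    parsed = sorted(
        (datetime.fromisoformat(ts), host, image.lower()) for ts, host, image in events
    )
    for when, host, image in parsed:
        if image == QUICK_ASSIST:
            last_qa[host] = when
        elif image in RMM_IMAGES and host in last_qa:
            gap = when - last_qa[host]
            if gap <= window:
                alerts.append({
                    "host": host,
                    "tool": RMM_IMAGES[image],
                    "quick_assist_at": last_qa[host].isoformat(),
                    "gap_seconds": int(gap.total_seconds()),
                })
    return alerts

if __name__ == "__main__":
    for alert in find_chains(SAMPLE_EVENTS):
        print(alert)
```

Hosts where Quick Assist is a sanctioned help desk tool will still launch it routinely, so the alert keys on the follow-up tool start rather than on Quick Assist alone.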
