The answers to these questions are going to be interesting. One particular product is being used to handle meetings, especially when it comes to meetings between many people where companies are involved. The other is another product used quite regularly to allow people to get assistance on their machine from others, but unfortunately, it is not accessible to those using access technology, to my knowledge. The third, I’d never even heard of until this article.
This is sad, because I know of a company that actually made their remote product fully accessible, and I checked it out. Unfortunately, it is pricey, and while I’m not knocking it, at this point, I don’t need it. But I’ll keep them in mind if I do.
Let’s get started with answering some questions. Let’s dive in!
According to the article, the actor group responsible once went by names such as Conti, REvil and others before becoming part of this group. If you guessed Black Basta, you’re correct.
As for the product that is well known, Black Basta first used a ploy to spam users with signup verifications, newsletters and other non-malicious content. Then, offering to solve the problem, they would call the unsuspecting employee, who would be tricked into installing this popular software, which lets the actors remotely control the machine and get the malware installed. That product is called AnyDesk.
I was actually asked to install the program by a tech at a company, who gave me a link to the installer. Unfortunately, AnyDesk is not accessible, even to install!
Now, to what Black Basta is up to now.

Black Basta is still stealing shit, and tons of it.
The account names make it look like you’re talking to Microsoft, using names like support, support admin and similar to get you to believe they are an admin of the company.
The names could include help desk, for example, padded with white space to make it look like it’s centered instead of left justified.
While QR codes were sent in chat, researchers were not able to determine what the purpose of the QR codes is.
The external Microsoft Teams users are originating from Russia, which is probably not a surprise to this readership anyway.
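The display-name tricks described above can be checked for automatically. The following is an added example, not code from the article or from Microsoft: it flags external chat senders whose display name is padded with whitespace or uses an IT-support name. The event keys `sender` and `display_name`, the tenant domain `corp.example` and the sample events are assumptions constructed for illustration.

```python
import re
import unicodedata

# Names the post lists: support, support admin, help desk.
SUPPORT_TERMS = re.compile(r"\b(help ?desk|support)\b", re.IGNORECASE)

def collapse(name):
    """Turn every space, control or invisible format character into a plain
    space, then squeeze runs of spaces and trim the ends."""
    spaced = "".join(
        " " if unicodedata.category(ch) in ("Zs", "Cc", "Cf") else ch
        for ch in name
    )
    return re.sub(r" +", " ", spaced).strip()

def triage(event, tenant_domain):
    """Return the reasons an external chat sender looks like fake IT support.
    `event` uses hypothetical keys: 'sender' (address) and 'display_name'."""
    domain = event["sender"].rsplit("@", 1)[-1].lower()
    if domain == tenant_domain.lower():
        return []  # internal account: this check only covers external senders
    raw = event["display_name"]
    clean = collapse(raw)
    reasons = []
    if len(raw) - len(clean) >= 2:
        reasons.append("display name padded with whitespace")
    match = SUPPORT_TERMS.search(clean)
    if match:
        reasons.append("external sender using IT-support name: " + match.group(0))
    return reasons

# Constructed sample events, not real data.
SAMPLE_EVENTS = [
    {"sender": "a1@outside.example", "display_name": " " * 10 + "Help Desk"},
    {"sender": "b2@outside.example", "display_name": "Support\u200b\u00a0Admin"},
    {"sender": "carol@corp.example", "display_name": "IT Support"},
    {"sender": "dave@partner.example", "display_name": "Dave Jones"},
]

def run_samples():
    return [triage(e, "corp.example") for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for event, reasons in zip(SAMPLE_EVENTS, run_samples()):
        print(repr(event["display_name"]), "->", reasons or "no flags")
```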
The other application, which I’ve never heard of, is called Quick Assist.
Wikipedia on Quick Assist, and installing Quick Assist from Microsoft support
The Microsoft page linked does have a question and answer section which may be of interest. Note! The JRN has never used this tool and can’t vouch for it.
Our good friend, Cobalt Strike, is eventually installed on the machine, says the article. The article also talks about what else you can do.
To read more about the recent threat that Black Basta now poses, please read the Bleeping Computer article titled “Black Basta ransomware poses as IT support on Microsoft Teams to breach networks” and please be aware of what you’re installing and why.
We provide this for informational purposes, and we don’t want to see people unnecessarily hurt by something they do. Of course, we’re not responsible for what you decide to install, but articles like these can help you so you understand how you can get tricked and better defend yourself against these types of attacks.
As shown here, this attack uses multiple components: an email blast that overwhelms the user’s inbox, followed by social engineering to get you to do something to supposedly “solve the problem” (in quotes). In fact, the callers could be causing more problems than you would have by just deleting the unwanted email and not taking the bait of installing software you know nothing about.
While I’m familiar with AnyDesk and what its intent is, I never got it to work, and I’ve linked here to the official web site to get the official app. Don’t be fooled. Ask questions and make sure you’re getting the legitimate app, and even if you do, make sure you’re scanning other stuff they’re installing if at all possible. Always make sure you trust whoever has access to your PC no matter what remote tool you use, whether it’s the tools above, or something else you’re using that is very familiar to you.
You’re always welcome to ping and ask questions of this network, and if we can, we can do some research for you to determine what’s going on.
I hope this article is of value, and thanks so much for reading!
We appreciate your support. Make it a great day!