https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2022 Winter Showcase
    • IWCE 2023 Pre-event Guide
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2023 Pre-event Guide
    • IWCE 2022 Winter Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Cybersecurity


Partner content

Federal agencies infested by cyberattackers via legit remote-management systems

Federal agencies infested by cyberattackers via legit remote-management systems

  • Written by Nate Nelson / Dark Reading
  • 26th January 2023

It has come to light that hackers cleverly utilized two off-the-shelf remote monitoring and management systems (RMMs) to breach multiple Federal Civilian Executive Branch (FCEB) agency networks in the US last summer.

On Jan. 25, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint advisory detailing the attacks, warning the cybersecurity community about the malicious use of commercial RMM software, and offering mitigations and indicators of compromise to watch out for.

IT service providers use RMMs to remotely monitor and manage clients’ networks and endpoints. But hackers can use the same software to bypass typical software control policies and authorization requirements on victim computers — as the US government found out.

How Hackers Breached the Government With RMMs

Last October, CISA conducted a retrospective analysis of Einstein — its intrusion detection system, deployed across FCEB agencies. The researchers found, perhaps, more than they’d bargained for.

In mid-June last year, hackers sent a phishing email to an FCEB employee’s government address. The email prompted the employee to call a phone number. Calling the number prompted them to visit a malicious Web address: “myhelpcare.online.”

Visiting the domain triggered the download of an executable, which then connected to a second domain, which is where two RMMs — AnyDesk and ScreenConnect (now ConnectWise Control) — came into play. The second domain didn’t actually install AnyDesk and ScreenConnect clients onto the target’s machine. Instead, it went backward: downloading the programs as self-contained, portable executables, configured to connect back to the threat actor’s server.

Why does this matter? “Because,” the authoring organizations explained, “portable executables do not require administrator privileges, they can allow execution of unapproved software even if a risk management control may be in place to audit or block the same software’s installation on the network.”

Having made a mockery of admin privileges and software controls, the threat actors could then use the executable “to attack other vulnerable machines within the local intranet or establish long term persistent access as a local user service.”

It turns out, though, that the June compromise was merely the tip of an iceberg. Three months later, traffic was observed between a different FCEB network and a similar domain — “myhelpcare.cc” — and further analysis, the authors recalled, “identified related activity on many other FCEB networks.”

Despite targeting government employees, the attackers appear to have been financially motivated. After connecting to target machines, they enticed victims to log in to their bank accounts, then “used their access through the RMM software to modify the recipient’s bank account summary,” the authors wrote. “The falsely modified bank account summary showed the recipient was mistakenly refunded an excess amount of money. The actors then instructed the recipient to ‘refund’ this excess amount to the scam operator.”

To read the complete article, visit Dark Reading.

 

Tags: Alerting Systems Analytics Applications Critical Infrastructure Cybersecurity DHS Enterprise Federal Government/Military Funding Incident Command/Situational Awareness Interoperability News Policy Public Safety Security Software State & Local Government System Design System Installation System Operation Test & Measurement Tracking, Monitoring & Control Training Partner content

Most Recent


  • Verizon, NTT among service providers narrowing private 5G focus
    While private 5G network hype hasn’t slowed down, service providers are starting to narrow their focus as some enterprise verticals are easier to enter than others. For example, manufacturing is frequently touted as a use case for private 5G, but Omdia analysts have said manufacturing is historically slower to adopt new technology. “The verticals where companies are […]
  • Report: Technology is encouraging unprecedented collaboration in local-government organizations
    From the way people communicate to daily work norms, technology and other drivers are encouraging unprecedented collaboration in local governments, disintegrating walls that have traditionally kept organizations siloed. A new report from Deloitte predicts a number of trends within government centered around this shift. “This year, we have one overarching theme to the trends, which is […]
  • Insurance challenges to partial-autonomous-vehicle safety
    A clamp down is underway in the United States. This may be partly due to the accidents that have occurred over recent years involving Tesla vehicles that were driving on Autopilot. Some drivers have mistakenly paid the price by thinking that Autopilot means that their vehicles are fully autonomous. In fact, the system is meant […]
  • Whatever happened to the Hyperloop?
    A decade after tech billionaire Elon Musk floated the idea of building a fifth mode of transportation called the Hyperloop, the project seems to be losing momentum. Last November, an above-ground test tunnel for Hyperloop pods that sat in front of SpaceX’s Hawthorne, California facility was reportedly removed. There is no Hyperloop service in the […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Cybercrime ecosystem spawns lucrative underground Gig Economy
  • Self-driving cars present terrorism risk, FBI director says
  • Federal agencies infested by cyberattackers via legit remote-management systems
    Newscan: Police software vendor breach exposes personal data, raid plans
  • Ransomware profits decline as victims dig in, refuse to pay

Commentary


Updated: How ‘sidelink’ peer-to-peer communications can enhance public-safety operations

  • 1
27th February 2023

NG911 needed to secure our communities and nation

24th February 2023

How 5G is making cities safer, smarter, and more efficient

26th January 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Verizon, NTT among service providers narrowing private 5G focus dlvr.it/SlQjJH

24th March 2023
UrgentComm

Report: Technology is encouraging unprecedented collaboration in local-government organizations dlvr.it/SlQZT1

24th March 2023
UrgentComm

Insurance challenges to partial-autonomous-vehicle safety dlvr.it/SlQTHS

24th March 2023
UrgentComm

Whatever happened to the Hyperloop? dlvr.it/SlQQTL

24th March 2023
UrgentComm

Siyata to showcase new PTT device with body camera during IWCE 2023 dlvr.it/SlL0mS

23rd March 2023
UrgentComm

Airbus U.S.: Rebecca Purcell, Bob Baumann discuss MCX, Agnet offerings dlvr.it/SlJNqW

22nd March 2023
UrgentComm

Microsoft Outlook vulnerability could be 2023’s ‘It’ bug dlvr.it/SlC3Hh

20th March 2023
UrgentComm

Getting to know the how–and why–of the telecom cloud dlvr.it/SlBbD1

20th March 2023

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.