By: Jim Lane, LTS CEO
Threat actors are using voice phishing (vishing) attacks via Microsoft Teams to trick victims into installing the DarkGate malware. In a recent case here in Winter Park, the attacker used social engineering to manipulate the victim to gain access and control over a computer system.
The incident involved the victim receiving numerous emails followed by a call via Microsoft Teams from an individual claiming to be an employee of an external supplier. During the call, the victim was directed to download the Microsoft Remote Support application, but the installation through the Microsoft Store failed. Subsequently, the attacker instructed the victim to download AnyDesk via a browser and provided instructions for entering her credentials.
Although this specific attack was stopped before causing any harm, it is noted that similar methods have been utilized in ransomware deployment. Researchers note that DarkGate is typically spread through phishing emails, malvertising, and SEO poisoning, but in this instance, vishing was used to target the victim.
Microsoft has also documented cases where attackers used QuickAssist in vishing attempts to distribute ransomware. Lane Technology Solutions emphasizes the importance of security awareness training to help employees recognize and prevent social engineering attacks, thereby enhancing the organization’s security posture. We encourage our customers to provide employee training to raise awareness about social engineering tactics, phishing attempts, and the dangers of unsolicited support calls or pop-ups is our strongest advice.
LTS empowers your workforce to make smarter security decisions daily. Call us if you need training, phishing prevention, or desire more information.