A Boston, Massachusetts based company, LogMeIn that provides software as a service and cloud-based remote connectivity services for collaboration, IT management and customer engagement has fallen prey to the scammers targeting companies' work from home schemes set up due to the ongoing pandemic, the campaign impersonates the remote access tool (RAT) LogMeIn and mines the unsuspecting users' account credentials.
As the number of people working from home increased rapidly, scammers saw it as a golden opportunity to carry out impersonations of remote tools such as Zoom and LogMeIn more blatantly than ever; the first incident being spotted in the month of May confirms the attributions made by the researchers in regard to COVID-19.
In this particular attack, the phishing email appears to be coming from LogMeIn, cautioning the user at the receiving end, of a zero-day exploit present in the LogMeIn Central and LogMeIn Pro- two of the company's products. It goes unsaid that in reality there exists no such vulnerability and victims' are made to follow a link that claims to be LogMein URL but takes the user to a phishing page where they would enter the credentials that would be obtained by the scammers behind the attack. Additionally, the threat actors are also exploiting the security issues that already existed in remote access platforms as a part of this phishing campaign.
While giving further insights, Abnormal Security said “Other collaboration platforms have been under scrutiny for their security as many have become dependent on them to continue their work given the current pandemic,”
“Because of this, frequent updates have become common as many platforms are attempting to remedy the situation. A recipient may be more inclined to update because they have a strong desire to secure their communications.”
In order to avoid being scammed by such phishing campaigns, Ken Liao, vice president of Cybersecurity Strategy at Abnormal, alerted users, "Many of the recent attacks have masqueraded as updates--even more specifically--security updates,"
"As always, users should default to updating applications via the application itself and not via links in emails to prevent not only credential loss but the potential introduction of malware onto their machines."