New Phishing Campaign theft LogMeIn Credentials

LogMeIn is another to the list of remote access and collaboration platforms to be targeted by phishing campaigns.

What is happening?

According to researcher observation an upsurge in scams targeting LogMeIn which provides cloud-based remote connectivity services for IT management, collaboration, and customer engagement.  LogMeIn provides single sign-on capabilities with the last pass which means that victims who get duped may lose access to their password manager as well.

Incidents impacting remote working tools

• Slack suffered a data breach where hackers stole user names, email addresses, skype IDs, phone numbers, and passwords.
• This year April,500,000 Zoom accounts were sold on the dark web, while zoombombing Continued.

What the experts are saying

• Organizations these days are increasingly adopting popular online collaboration tools such as Zoom, Slack and malicious attackers to choose their targets.
• The most concerning things that cyberattackers are capable of taking max advantage of the APIs used by this application to gain the total access of an organization’s data with the help of remote software.
• According to the chief product officer of Xypro “These apps have third-party integrations to just about every other enterprise app for this purpose. The challenge becomes to secure and the data what we share are at risk”

What to worry about 

• These are worrying factors that the advancement of AI and ML may affect future attacks more difficult to defend and that may create virtual attackers.
• Third parties always found guilty in sharing sensitive data with other organizations and doing fraud.

Point to be a note

The usage of collaboration software since the onset of the global pandemic.

Most of these platforms are connected with other logins, such as office 365 and G Suite, which can be leveraged by threat actors to gain access to business or personal accounts.

For any Queries, Drop mail @ info@vednam.com