Ongoing Phishing Campaign Targets Healthcare and Cryptocurrency Users via ScreenConnect

Cyble Research and Intelligence Labs (CRIL) has unearthed a sophisticated phishing campaign that specifically targets the cryptocurrency community and healthcare organizations within the United States. The modus operandi involves the distribution of ScreenConnect, a legitimate tool by ConnectWise Inc., repurposed for malicious use through phishing websites. This tactic not only demonstrates the attackers’ advanced capabilities but also their intent to infiltrate and compromise victim systems. The operation’s emphasis on both cryptocurrency enthusiasts and healthcare providers signals a wide-ranging threat with potentially significant repercussions. 

The campaign showcases a high level of sophistication, employing strategies such as subdomain takeover to host the phishing sites, which indicates the malicious actors’ technical prowess. By misusing ScreenConnect, these threat actors gain unauthorized system access, paving the way for further malicious activities. The pattern of repeated attacks against the healthcare sector, in particular, reveals a targeted approach to exploit vulnerabilities in this industry. This situation underscores the urgent need for increased security vigilance and awareness among the individuals and organizations within these sectors to mitigate the risk of falling victim to such phishing schemes. 

Read the full analysis here.

Cyble partners with Risk Associates at LEAP, Riyadh

Ready to elevate your cybersecurity knowledge and discover cutting-edge strategies for protecting your organization? Don’t miss this opportunity to connect with us at the upcoming LEAP 2023-KSA Event. We invite you to visit us at booth no. H5-E78 for a chance to delve into the world of cybersecurity. This event is a prime platform for insightful discussions and learning about the latest in threat intelligence and cybersecurity solutions.

Joining forces with Risk Associates, Cyble is set to showcase our expertise and innovative approaches to cybersecurity at the LEAP event, taking place from March 4th to 7th, 2024, at the Riyadh Exhibition and Convention Center, Malham, Saudi Arabia. The event will occur from 10:30 AM to 7:00 PM, offering ample time for attendees to engage with industry experts. Whether you’re looking to implement robust cybersecurity measures or simply interested in the latest tech trends, LEAP 2023-KSA is the place to be.

Learn more here.

Cyble Odin – A potent search engine for Scanned Internet Assets.

Check out the industry-leading search engine for Internet Scanned Assets. With capabilities spanning over 3 billion IPs, 600+ services, 20+ modules, and 300+ ports, ODIN is an essential tool for cybersecurity professionals. This latest solution from Cyble is constantly improving, with new features being added regularly to take your scanning to the next level. Follow Odin on LinkedIn for regular updates.

Odin’s Host Search feature enables precise identification of specific service hosts, offering detailed insights such as IP addresses, hostnames, and locations. Furthermore, Odin’s Certificate Search gives users insights into digital certificates of websites, providing vital details like fingerprints and issuer validity. Additionally, its comprehensive display of Common Vulnerabilities and Exposures (CVEs) presents crucial security vulnerability information to cybersecurity researchers and infosec personnel.

Try Odin for free today!

Ransomware attacks see a sharp rise

At the end of 2023, ransomware attacks effectively doubled, marking a year filled with disruptions among established threat groups and the surfacing of new, aggressive factions, further complicating the digital security challenges faced by organizations worldwide. This proliferation of ransomware activities underscores the evolving nature of cyber threats and the continuous need for robust cybersecurity measures to counteract these malicious endeavors.

On a geographical scale, the impact of cybercrime exhibited distinct patterns, with the United States bearing the brunt of these ransomware attacks. Following closely, India emerged as a significant target, with its Government, Law Enforcement Agencies (LEA), and sectors within the Banking, Financial Services, and Insurance (BFSI) domain experiencing heightened targeting.

Explore Cyble’s analysis of Ransomware and other major cyber threats in our Annual Threat Landscape Report.

Related