Hackers are abusing free trials of business software to evade detection

Cybersecurity
(Image credit: Shutterstock / song_about_summer)

Cybercrooks are using free trials of Remote Monitoring and Management (RMM) tools to distribute ransomware, security experts are warning.

Blackpoint Cyber founder and CEO Jon Murchison says in order to protect from the rising threat, RMM companies need to have more checks and balances on their free trial system, while everyone else needs to have multi-factor authentication (MFA) active on their RMM.

Explaining the stages of the attack, Murchison explained that the attacker would first use phishing to try and obtain the target’s VPN credentials. After logging onto the target endpoint, the threat actor would then install the trial version of the RMM, and use that to deploy stage-two malware, usually ransomware.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Keeping tabs on free trials

The way trial systems are set up is definitely an issue, Murchison says, but the lack of MFA also makes the job easier for crooks. 

“The RMM companies need to have a lot more checks and balances on their free trial system—not just letting people download them with no background checks,” he said. 

“I think a lot of the big ones do that, but there are some smaller ones, and foreign ones, that don’t. They need to make sure there is some sort of gate with the free trial. You can’t just sign up with a Gmail or some made-up account and get it. You need to talk to people. You need to know you are dealing with a real human and not a bad guy.”

This is hardly a new issue, though. Murchison further stated that his company has been warning of this threat for a year now, adding that just in the past three weeks, there had been at least five such attacks.

“The message is MSPs really need to look at their software inventory, if they use one RMM and they see another one pop up, that should be something you pay attention to,” the CEO concluded.

Via: CRN

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Magnifying glass enlarging the word 'malware' in computer machine code
Microsoft Teams and AnyDesk abused to deploy dangerous malware, so be on your guard
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Shutterstock.com / kanlaya wanon
Microsoft Teams abused in Russian email bombing ransomware campaign
Hack The Box crisis simulation event
“Everyone will experience a hack” - how incident response can protect your organization
ransomware avast
Hackers spotted using unsecured webcam to launch cyberattack
Hands typing on a keyboard surrounded by security icons
Infostealers on the rise: the latest concern for organizational defenses
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough