
Introduction
Do you use Skype?
What about Microsoft Teams?
Maybe you have AnyDesk to help with remote access to your workplace data?
A new ransomware scam is on the rise, targeting users of these types of professional communication programs. Typical phishing attacks take a dark turn when this ransomware sneaks in.
What Is DarkGate?
DarkGate is a sophisticated piece of malware designed to perform various malicious activities, including data theft, unauthorized access, and system compromise. Distributors have started targeting victims in myriad ways, such as phishing emails, malvertising, SEO poisoning, and more recently, through voice phishing (better known as vishing) via Microsoft Teams.
The hacker group behind DarkGate, sometimes referred to as “BattleRoyal,” has been active since at least 2017. They have used a variety of tactics, techniques, and procedures (TTPs) to distribute the malware, including hijacked email threads, fake browser updates, and traffic distribution systems (TDSs). The group has recently shifted to using vishing techniques to gain initial access to victims’ devices.
In 2023, vishing victims lost an estimated $1.2B. Just like traditional scams that attack via email, other forms of phishing can be very dangerous to your data. Beware of any unexpected requests for personal information, and always use encrypted, secure communication channels!
Walking Through the DarkGate Threat
So how does the average DarkGate attack work? Let’s walk through, step by step, how these scammers trick their victims.
- Initial Contact: The attacker poses as an employee of a known client and contacts the target via Microsoft Teams.
- Social Engineering: The attacker convinces the target to download a remote desktop application, such as AnyDesk.
- Execution: Once the application is downloaded, the attacker uses it to execute malicious commands and install DarkGate on the target’s device.
- Persistence: The malware creates multiple files and registry entries for persistence, allowing the attacker to maintain access to the compromised system.
In 2024, companies paid an average ransom of approximately $12.7M per attack.
Protecting Yourself From Phishing Scams
As with vishing, smishing and any other kind of phishing attack, the best way to defend yourself against this attack, and any similar threats, is to stay aware. Learn about new tactics, like DarkGate, and remember how to spot red flags and report suspicious behavior.
Here are some helpful reminders about staying safe!
- Be cautious with unexpected contacts. Verify the identity of anyone contacting you through Microsoft Teams or other communication platforms, especially if they ask you to download software or provide sensitive information.
- Use Multi-Factor Authentication (MFA) on all your accounts to add an extra layer of security.
- Regularly update your programs and operating systems so that fixes for vulnerabilities, including zero-days, are applied as soon as patches are released.
- Pay attention to your training on how to recognize phishing and vishing attempts, and report suspicious activity on the network.
- Implement robust security solutions, such as antivirus software and firewalls, to detect and block malicious activities.
By staying vigilant and following these best practices, you can reduce your risk of falling victim to DarkGate and every other kind of ransomware attack, phishing scheme and cyber threat!