The Federal Office for Cybersecurity (OFCS) is warning of new attack methods targeting Swiss companies. The Black Basta ransomware gang hopes to thwart the measures via an avalanche of spam followed by purported help from the help desk via Teams.
The Federal Office for Cybersecurity (OFCS) is warning of the occurrence of sophisticated attacks of a new type in Switzerland. Perpetrated by the Black Basta gang, phishing campaigns aim to thwart companies’ ever-increasing security measures, particularly with integrated firewalls and two-factor authentication.
Black Basta has developed a method which first involves sending an avalanche of spam. The OFCS speaks of 50 to 100 emails per minute (among other things, so-called requests to subscribe to newsletters or online stores, as well as so-called password reset procedures). In the scenario reported by the OFCS, this strategy aims to lead users to seek help from the help desk. “Secondly, the hackers contact the victim via Microsoft Teams and present themselves as a member of the company’s help desk or IT department. These people use misleading names like “Help Desk” to gain the trust of victims,” explains the announcement from the federal office.
During these exchanges, cybercriminals send QR codes that present themselves as those of the company. Since the invitation appears to come from the official help desk, victims usually ignore security warnings. By scanning these QR codes, users unknowingly download malware, allowing attackers to install ransomware. In addition to Microsoft Teams exchanges, hackers also exploit Voice over IP (VoIP) calls to trick victims into installing remote control programs.
Business