In addition, the link attack vector was hidden using an anchor text impersonation to make it appear to actually be directing to the LogMeIn domain. The cybercriminal is taking advantage of the situation, knowing that a recipient may be more inclined to update right now. Because of this, frequent updates have become common as many platforms are attempting to remedy the situation. Other collaboration platforms have been under scrutiny for their security, as many have become dependent on them to continue their work given the current pandemic. Why the LogMeIn Credential Phishing Attack is Effective Additionally, since LogMeIn has SSO with LastPass as the parent company, it is possible the attacker may be attempting to obtain access to this user’s password manager. Should recipients fall victim to this attack, their login credentials to their LogMeIn account would be compromised. However, it redirects to a phishing page owned by the threat actor.įrom here, the phishing page asks for email address and password. Users may be tricked by the fake URL, as it looks like what they would expect from the system. The user must update by following the link given, which impersonates an actual LogMeIn URL. The email claims to be from LogMeIn, informing the recipient of a patch to a zero-day vulnerability in some of the company’s offerings. Overview of the LogMeIn Credential Phishing Attack This is likely due to various news stories about the troubled infrastructure and security of video conferencing platforms, as cybercriminals can engage with victims and steal credentials while avoiding scrutiny. In May, we began to observe new email attack campaigns impersonating LogMeIn, after previously seeing none. However, we've also seen a rise in attacks on Zoom, Microsoft Teams, and other collaboration tools. Most of these attacks are associated with platforms like Google Workspace and Office 365, which can be leveraged by attackers to gain access to or assault other accounts. We’ve seen an incredible uptick in collaboration software impersonations in the past month as the COVID-19 pandemic has forced people to work at home.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |