Hackers are abusing free trials of business software to evade detection

Are hackers using your software to target businesses?

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybercrooks are using free trials of Remote Monitoring and Management (RMM) tools to distributeransomware, security experts are warning.

Blackpoint Cyber founder and CEO Jon Murchison says in order to protect from the rising threat, RMM companies need to have more checks and balances on their free trial system, while everyone else needs to have multi-factor authentication (MFA) active on their RMM.

Explaining the stages of the attack, Murchison explained that the attacker would first use phishing to try and obtain the target’s VPN credentials. After logging onto the targetendpoint, the threat actor would then install the trial version of the RMM, and use that to deploy stage-twomalware, usually ransomware.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

Keeping tabs on free trials

The way trial systems are set up is definitely an issue, Murchison says, but the lack of MFA also makes the job easier for crooks.

“The RMM companies need to have a lot more checks and balances on their free trial system—not just letting people download them with no background checks,” he said.

“I think a lot of the big ones do that, but there are some smaller ones, and foreign ones, that don’t. They need to make sure there is some sort of gate with the free trial. You can’t just sign up with a Gmail or some made-up account and get it. You need to talk to people. You need to know you are dealing with a real human and not a bad guy.”

This spiteful new ransomware strain is even more dangerous than usual>Ransomware gangs adopt new techniques to avoid detection>FBI sounds the alarm over virulent new ransomware strain

This is hardly a new issue, though. Murchison further stated that his company has been warning of this threat for a year now, adding that just in the past three weeks, there had been at least five such attacks.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“The message is MSPs really need to look at their software inventory, if they use one RMM and they see another one pop up, that should be something you pay attention to,” the CEO concluded.

Via:CRN

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics