Hackers use web-based project management tool Basecamp to attack networks
It’s never a dull moment when it comes to our Cybersecurity and Digital Privacy investing theme and the corresponding index, given that hackers are constantly looking for vulnerabilities and other gaps to exploit. According to a new report, phishing campaigns that distribute malware or steal login credentials have started to use Basecamp, a web-based project management solution that allows people to collaborate, chat with each other, create documents, and share files. It appears that, once again, the ongoing game of one-upmanship between cyber attackers and cyber defenders is poised to continue as the way we live, work and play becomes increasingly digital.
Security researchers MalwareHunterTeam and James have found that threat actors are distributing BazarLoader executables using public Basecamp download links.
BazarLoader is a stealthy backdoor Trojan from the TrickBot gang used against high-value targets to compromise their networks. Once installed, BazarLoader will deploy Cobalt Strike beacons that allow threat actors to access the network and ultimately deploy the Ryuk ransomware.
When threat actors abuse otherwise safe services such as Basecamp to host malicious files and phishing pages, users can be lulled into a false sense of trust and open files that they normally would not.
Furthermore, by using Basecamp URLs, threat actors can create carefully constructed and targeted campaigns to infiltrate a network, as users may feel that the file is from their own Basecamp project.