A phishing campaign that uses two remote monitoring and management (RMM) tools, SimpleHelp and ScreenConnect, has affected over 80 organizations, evading detection and maintaining persistent control over compromised systems. Researchers from Securonix, who named the campaign VENOMOUS#HELPER, describe it as part of a growing trend in which attackers use legitimate IT tools to blend malicious activity with normal operations. The campaign underscores the need for heightened security awareness and monitoring within organizations.
The key takeaway is the increasing trend of attackers exploiting legitimate RMM tools like SimpleHelp and ScreenConnect to bypass traditional malware detections and maintain persistent access to systems. Because the software is trusted, defending against this tactic requires robust endpoint detection and response (EDR) capabilities and application whitelisting that prevent unauthorized use of such tools.
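One way to turn the allowlisting advice above into a triage check, as an added example that is not from Securonix or the article: it flags hosts running an RMM product that IT has not sanctioned and raises severity when both tools appear on one host. The event fields, host names, paths, the `APPROVED` policy and the substring matching are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: an RMM product is recognised by a case-insensitive substring of
# the process image path. The two product names are the ones the article names.
RMM_MARKERS = {"screenconnect": "ScreenConnect", "simplehelp": "SimpleHelp"}

# Hypothetical policy: which RMM products IT has sanctioned on which host.
APPROVED = {"HELPDESK-01": {"ScreenConnect"}}

# Constructed process-creation events (hosts and paths are illustrative only).
EVENTS = [
    {"host": "HELPDESK-01", "image": r"C:\Program Files (x86)\ScreenConnect Client\ScreenConnect.ClientService.exe"},
    {"host": "FIN-WS-07", "image": r"C:\Users\a.smith\AppData\Local\Temp\SimpleHelp\agent.exe"},
    {"host": "FIN-WS-07", "image": r"C:\ProgramData\ScreenConnect Client\ScreenConnect.ClientService.exe"},
    {"host": "HR-LT-03", "image": r"C:\ProgramData\SimpleHelp\agent.exe"},
    {"host": "HR-LT-03", "image": r"C:\Windows\System32\notepad.exe"},
]


def classify(image):
    """Return the RMM product name for an image path, or None."""
    lowered = image.lower()
    for marker, product in RMM_MARKERS.items():
        if marker in lowered:
            return product
    return None


def triage(events, approved):
    """Map each host running an unsanctioned RMM product to a finding."""
    seen = defaultdict(set)
    for event in events:
        product = classify(event["image"])
        if product:
            seen[event["host"]].add(product)
    findings = {}
    for host, products in seen.items():
        unapproved = products - approved.get(host, set())
        if unapproved:
            # Two RMM products on one host matches the dual-tool pattern.
            severity = "high" if len(products) > 1 else "medium"
            findings[host] = {"unapproved": sorted(unapproved), "severity": severity}
    return findings


if __name__ == "__main__":
    for host, finding in triage(EVENTS, APPROVED).items():
        print(host, finding)
```

Path substrings are easy to evade by renaming a binary, so a production rule should match on code-signing publisher or product metadata from the EDR rather than the path alone.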