USE CASES

Fake IT Help, Real Damage—Unless You’re with Inovasys


Some of the most dangerous threats start with a friendly message. Attackers contact employees through familiar platforms, pretending to be IT staff, and convince them to allow remote access. It looks harmless until malware steals all data, often without the victim even realizing it. Since October 2024, dozens of North American and European companies have been compromised. Inovasys clients weren’t.

 

Inovasys doesn’t just know about this tactic—it has already neutralized it in client environments through its advanced cybersecurity and cyber defense services. With Inovasys, clients don’t second-guess. They stay protected.

 

A sophisticated attack is underway in which threat actors impersonate legitimate IT staff and contact employees through familiar platforms like Microsoft Teams. They use social engineering to convince victims to allow remote access to their systems, often through legitimate tools like Quick Assist. This appears harmless until malware steals all data, often without the victim even realizing it. The attackers use this remote access to download and install a malicious backdoor known as BackConnect, which is often concealed within legitimate applications like OneDrive.

 

This BackConnect malware, which has been linked to the notorious QakBot loader, provides threat actors with persistent remote control over compromised machines. Its advanced capabilities allow them to execute commands remotely, exfiltrate sensitive data, and even spread laterally to other systems on the same network. The malware is also used to download and deploy other destructive payloads, including Black Basta and Cactus ransomware. The attackers further enhance their operations by hosting and distributing these malicious files using commercial cloud storage services, exploiting misconfigured or publicly accessible storage.

 

Our cybersecurity team has thoroughly analyzed this threat since its emergence, dissecting its attack methodology from the initial social engineering trick to its sophisticated deployment. Based on this analysis, we have proactively implemented multi-layered security measures and robust monitoring to identify and block such social engineering attempts before they can reach end users. We also continuously monitor our clients' systems for unusual activity and suspicious network traffic that could indicate an in-progress attack, protecting them from this and similar threats.

 

Learn more about our defense strategies on EDI.

 


Inovasys, founded in 2014, has been a leader in providing advanced technology solutions. By 2020, it became known as a service provider. The company aims to be the best partner for businesses looking to improve their operations with digital technology.
