Exploitation of Kickidler Employee Monitoring Software in Recent Ransomware Attacks
Kickidler Employee Monitoring Software Abused in Ransomware Attacks
It has recently come to light that ransomware operations are using the legitimate Kickidler employee monitoring software to conduct reconnaissance, track victims’ activity, and steal credentials after breaching their networks.
The Modus Operandi
The software, typically designed for employers to monitor employee productivity, is being repurposed by these attackers.
After infiltrating a network, the attackers deploy the monitoring software on it, which gives them a detailed account of the victim’s activity.
This information helps the perpetrators escalate their attacks and launch pivot attacks.
Kickidler’s Functioning and Misuse
On a technical note, Kickidler’s legitimate functions include keystroke logging, window title logging, computer screen recording, and internet control.
In the hands of malicious actors, these features become powerful tools for extensive reconnaissance before the ransomware is activated.
One real-world example saw an attacker using Kickidler to gain visibility into a company’s backup procedures and schedules.
The gathered information was subsequently used to time the ransomware attack, dodging the backup processes and maximizing the impact.
Prevention and Mitigation Measures
Given the abuse of such tools, a two-pronged approach of preventive and reactive measures is deemed most effective.
Professionals should start with the basics: keeping up-to-date backups, offline or in the cloud, that aren’t accessible from company networks.
Security awareness training is also paramount, providing employees with the knowledge needed to spot potential threats.
On the reactive side, organizations should implement an incident response plan to contain the breach swiftly and mitigate potential data loss.
Furthermore, unusual or unlicensed software installations should trigger immediate alerts within your cybersecurity infrastructure.
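One way to implement the install alerting described above, as an added example that is not part of the original article or any vendor's tooling. The baseline, licensed hosts, deployment account and install records are all assumptions constructed for illustration; only the product name Kickidler comes from the article.

```python
from dataclasses import dataclass

# Every value below is an assumption or constructed sample data.
APPROVED = ("7-zip", "google chrome")   # approved software baseline
WATCHLIST = ("kickidler",)              # monitoring tool named in the article
LICENSED_HOSTS = {"hr-05"}              # hosts licensed to run a watch-listed tool
DEPLOY_ACCOUNTS = {"svc_deploy"}        # account used by deployment tooling
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

@dataclass(frozen=True)
class InstallEvent:
    host: str
    user: str
    product: str

def normalize(product):
    """Lower-case and collapse whitespace so casing variants still match."""
    return " ".join(product.lower().split())

def triage(event):
    """Return (severity, reason) for one install event, or None if expected."""
    name = normalize(event.product)
    if any(tool in name for tool in WATCHLIST):
        if event.host in LICENSED_HOSTS:
            return None
        return ("high", "monitoring tool installed on an unlicensed host")
    if name.startswith(APPROVED):
        if event.user.lower() in DEPLOY_ACCOUNTS:
            return None
        return ("low", "approved product installed outside deployment tooling")
    return ("medium", "product not on the approved baseline")

def alerts(events):
    """Triage all events and return (event, severity, reason), worst first."""
    found = [(e, *t) for e in events if (t := triage(e))]
    return sorted(found, key=lambda row: SEVERITY_ORDER[row[1]])

EVENTS = [  # constructed install records
    InstallEvent("ws-014", "svc_deploy", "Google Chrome 124"),
    InstallEvent("ws-020", "jsmith", "7-Zip 23.01"),
    InstallEvent("bk-01", "admin_t", "KICKIDLER  x64"),
    InstallEvent("hr-05", "svc_deploy", "Kickidler"),
    InstallEvent("ws-021", "jsmith", "RemoteToolX"),
]

if __name__ == "__main__":
    for event, severity, reason in alerts(EVENTS):
        print(f"[{severity}] {event.host} {event.user} {event.product!r}: {reason}")
```

In practice the install records would come from endpoint inventory or installer logs, and a high-severity hit on a backup or server host would be routed straight to incident response.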
Need for Vendor Action
Ultimately, this incident underscores the need for vendors to monitor the use of their software vigilantly.
Vendors like Kickidler should strive to implement robust anti-abuse mechanisms, limiting the misuse of their tools by bad actors.