One of the most successful actions that cyber threat actors have historically taken is in the use of “phishing” while misrepresenting themselves and convincing people to give up their logins, passwords and/or control of their device. The problem with this is that the users volunteer their information and therefore the breach can’t be prosecuted. Anydesk is a known program that turns over control of their device(s) to the cybercriminals. While it’s used for many real uses, such as collaboration, tech support or even IT management, cyber criminals have accessed it for nefarious uses.
The fact that users are voluntarily allowing cybercriminals access to their devices using a valid program such as anydesk changes the entire landscape of criminality. One could compare it to opening the front door of your home and inviting a criminal inside to steal your personal items. In this situation, law enforcement has no case. However, it should be noted that there are around 1,300 fake anydesk programs on websites that can download malware such as Vidar while taking control of the device. This malware immediately locates and steals credentials such as financial data, logins, passwords, and browser history which is uploaded to the attackers and can be sold on the dark web or other activities that are malicious in nature. Known as “credential flushers,” once given permission, an executable file is downloaded. The StealC malware changes information on the device such as preferred browser, and disabling the pop-up blocking mode.
Cybercriminals have become very sophisticated in their methods of contact and misrepresentation. They depend on users being unaware, naïve or just trusting. Some indicate that they are from known tech organisations and are there to offer assistance in removal of so-called “detected” problems on their devices. Their attack is simple: manipulate the user to trust them and turn over access. If the perpetrators use a valid software, there is little that law enforcement can do. However, if the criminals make use of the fake malware that imitates such programs as anydesk, some actions can be taken.
How to protect yourself
Knowledge is power, and in this there are some actions that you can take to protect yourself and your devices.
- Be wary of any unsolicited communications via text, phone or email where the individuals act like they are attempting to assist you.
- Never click on any links sent via text or email from anyone stating they are trying to assist you.
- Verify any and all software before you download. This can involve going directly to the represented website, calling them, or using your browser to see if this may have been a reported hack attempt.
- Enabling two-factor identification adds an additional level of security. Even if the criminal gains access, they would need the second layer of security to get your information.
Losing your personal information as well as your finances could be devastating; especially if there is nothing that law enforcement can do to pursue the criminals. Taking extra steps to protect yourself is well worth the effort.
“Staying on top of the latest scams and cyber criminal attacks is what DaVinci Cybersecurity specialises in. Our team communicates, counsels and advises to assure that you don’t fall prey to threat actors.”
– Sharon Knowles, CEO DaVinci Cybersecurity
Source:
cybersecuritynews.com/forcing-victims-into-enter-login-credentials/
www.splashtop.com/blog/anydesk-scams#:~:text=Once%20AnyDesk%20is%20installed%2C%20the,often%20associated%20with%20such%20communications.
clcjbooks.rutgers.edu/books/crime-dot-com-from-viruses-to-vote-rigging-how-hacking-went-global/#:~:text=In%20CrimeDotCom%2C%20White%20predominately%20considers,that%20occurred%20over%20that%20span.
