Hackers Exploit AnyDesk Impersonating CERT-UA to Launch Cyberattacks

Cybercriminals have found a new way to exploit legitimate tools to carry out malicious attacks. Cybersecurity researchers have raised concerns about the misuse of the remote access software AnyDesk, which attackers use to infiltrate systems while impersonating CERT-UA, Ukraine’s Computer Emergency Response Team.

Malicious Use of AnyDesk

The remote access software AnyDesk, widely used by businesses and individuals, has been exploited by attackers posing as security auditors on behalf of CERT-UA. According to recent reports, these cybercriminals send connection requests through AnyDesk claiming to conduct security checks when they are actually seeking unauthorized access to victims’ systems.

According to CERT-UA, the attackers have used the AnyDesk identifier “1518341498,” although this may vary in different incidents. Through social engineering techniques, cybercriminals manage to gain users’ trust, allowing remote connections without raising suspicion of a threat.

Risks and Modus Operandi of the Attackers

The attack relies on trust and the apparent legitimacy of the request. In some cases, criminals use the CERT-UA logo and other visual elements to convince victims. Once remote access is gained, they can:

  • Extract sensitive information.
  • Install malware or ransomware.
  • Take control of systems for future attacks.

CERT-UA has warned that while its team may use AnyDesk under certain circumstances, this is done only after prior agreement and through established communication channels.

Prevention and Defense Measures

In light of the growing exploitation of remote access tools, experts recommend adopting proactive defense strategies:

  • Verify the authenticity of any remote connection request by directly contacting the organization supposedly conducting the audit.
  • Restrict the use of AnyDesk and other similar tools to active sessions only, disabling them when they are not needed.
  • Implement real-time detection and response solutions, such as those provided by cybersecurity platforms like SOC Prime, which help identify anomalies in the use of AnyDesk.
  • Follow the MITRE ATT&CK framework, which helps improve visibility into malicious behavior patterns related to remote access tools.
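One way to turn the "prior agreement" rule into a check is to review inbound AnyDesk session records against the IDs that were actually agreed in advance. This is an added example, not code from CERT-UA or SOC Prime. The tab-separated record layout and auth values are assumptions, and the allowlisted ID and sample lines are constructed.

```python
from datetime import datetime

# AnyDesk ID that CERT-UA reported for this campaign (quoted in the article).
REPORTED_IDS = {"1518341498"}
# Hypothetical allowlist: IDs agreed in advance over an established channel.
AGREED_IDS = {"600100200"}

# Constructed sample records. Assumed layout, tab-separated:
# direction, "YYYY-MM-DD, HH:MM", auth result, remote ID (last field).
SAMPLE = [
    "Incoming\t2025-01-17, 09:12\tUser\t600100200",
    "Incoming\t2025-01-17, 10:40\tREJECTED\t1518341498",
    "Incoming\t2025-01-17, 10:43\tUser\t1518341498",
    "Outgoing\t2025-01-17, 11:00\tUser\t700300400",
    "Incoming\t2025-01-17, 12:05\tPasswd\t811222333",
    "garbage line",
]

def parse(line):
    """Return (direction, auth, remote_id), or None if the record is malformed."""
    parts = [p.strip() for p in line.split("\t") if p.strip()]
    if len(parts) < 4 or not parts[-1].isdigit():
        return None
    try:
        datetime.strptime(parts[1], "%Y-%m-%d, %H:%M")
    except ValueError:
        return None
    return parts[0], parts[2], parts[-1]

def triage(lines, agreed=AGREED_IDS, reported=REPORTED_IDS):
    """List (line_no, verdict, remote_id, auth) for inbound sessions to review."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        rec = parse(line)
        if rec is None:
            findings.append((n, "unparsed", None, None))  # never drop silently
            continue
        direction, auth, remote = rec
        if direction != "Incoming" or remote in agreed:
            continue
        kind = "reported-id" if remote in reported else "unagreed"
        state = "attempt" if auth.upper() == "REJECTED" else "connected"
        findings.append((n, f"{kind}-{state}", remote, auth))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Because the reported ID may vary between incidents, the allowlist comparison is the durable control; the reported-ID match only raises the priority of a finding.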

Conclusion

The misuse of AnyDesk once again highlights the importance of cybersecurity and the need for proper training to recognize potential threats. Companies and individual users must remain vigilant against this type of attack and adopt protective measures to avoid compromising their systems’ security. CERT-UA and other cybersecurity organizations continue to work to detect and mitigate such threats, urging the community to report any suspicious activity related to unsolicited remote access.

via: SocPrime
