AnyDesk security risk
Sophos, currently one of the leading names in global cybersecurity, said in a press release on Monday.
The statement said that attackers are bypassing security controls by combining Windows Safe Mode with the AnyDesk remote administration tool.
What is Windows Safe Mode? Windows Safe Mode is normally an IT support method used to troubleshoot problems on a machine; the abuse described here is keeping an AnyDesk remote connection permanently active while the machine is in that mode.
Sophos recently found that AvosLocker attackers install AnyDesk and configure it to run in Safe Mode. Because most security software does not run in Safe Mode, this leaves the machine unprotected and lets the ransomware run with very little resistance.
The result is that the attackers retain full control of every machine on which AnyDesk has been set up this way, and they keep that control even if the target organization locks out its remotely accessed machines.
Sophos said it had not previously seen these components used together in a single ransomware attack.
AvosLocker is a relatively new ransomware-as-a-service operation that first appeared in late June 2021 and, according to Sophos, has grown quickly in popularity.
Sophos researchers investigating the ransomware found that the attacks began with batch scripts named "love.bat", "update.bat" or "lock.bat", delivered to the target machines through PDQ Deploy.
The command sequence takes about five seconds to run: it disables Windows Update services and Windows Defender, and then disables the components of a commercial security product that are able to run in Safe Mode.
How to stop remote access to AnyDesk
The attackers install the legitimate remote administration tool AnyDesk and set it to run in Safe Mode with networking. This guarantees the hacker continued command and control, and eventually auto-login and reconnection with a newly created account.
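The persistence pattern above (a remote-access tool registered to keep running in Safe Mode with networking) can be audited on a Windows host. The script below is an added example written for this page, not code from the article or from Sophos; the list of tool names to flag and the assumption of an elevated session are ours.

```powershell
# Added example (not from the article or from Sophos): audit a Windows host for
# remote-access tools registered to start in Safe Mode, and for a boot
# configuration that forces Safe Mode. Run in an elevated PowerShell session.
# Assumption: the tool-name patterns below are ours; extend them for your estate.

$RemoteToolPatterns = @('AnyDesk', 'TeamViewer', 'ScreenConnect', 'ConnectWise')

function Get-SafeBootEntries {
    # Subkeys of SafeBoot\Minimal and SafeBoot\Network decide which services and
    # drivers Windows loads in Safe Mode. A remote-access tool listed here is unusual.
    foreach ($mode in 'Minimal', 'Network') {
        $base = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
        if (-not (Test-Path $base)) { continue }
        foreach ($key in Get-ChildItem -Path $base) {
            [pscustomobject]@{
                Mode  = $mode
                Name  = $key.PSChildName
                Value = (Get-ItemProperty -Path $key.PSPath).'(default)'
            }
        }
    }
}

function Find-SuspiciousSafeBootEntries {
    param([string[]]$Patterns = $RemoteToolPatterns)
    Get-SafeBootEntries | Where-Object {
        $entry = $_
        $Patterns | Where-Object { $entry.Name -like "*$_*" -or "$($entry.Value)" -like "*$_*" }
    }
}

function Get-SafeBootFlag {
    # bcdedit prints a 'safeboot' line (Minimal or Network) when the next boot is
    # forced into Safe Mode, the state the attack described above relies on.
    $out = bcdedit /enum '{current}' 2>$null
    ($out | Select-String -Pattern '^\s*safeboot\s+(\S+)').Matches |
        ForEach-Object { $_.Groups[1].Value }
}

$hits = Find-SuspiciousSafeBootEntries
$flag = Get-SafeBootFlag
if ($hits) { $hits | Format-Table -AutoSize } else { 'No remote-access tools registered for Safe Mode.' }
if ($flag) { "WARNING: boot configuration forces Safe Mode ($flag)." }
```

A hit in SafeBoot\Network for a remote-access tool, or a forced safeboot flag on a machine that should not be in maintenance, is worth treating as an incident indicator rather than a misconfiguration.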