Remote access applications, a gateway to fraud. How users can protect themselves

Online fraud through AnyDesk is starting to hit hard in Romania as well. A new wave of highly dangerous scams is on the rise, with experts warning that the risk has risen sharply in recent weeks.

Remote access is a method of connecting to services, applications, or data from a location other than where the resource is kept. This connection allows users to access the computer’s desktop, applications, and data remotely. This way of working can be used for efficient administration and management of systems without requiring physical presence at the location where they are located. This method allows IT professionals to troubleshoot problems or monitor resources without being in the same physical location as the device or system to be fixed/monitored.

According to the National Cyber Security Directorate (DNSC), the most used remote access applications are: LogMeIn Pro, TeamViewer, Remote Desktop Manager, Splashtop, Microsoft Desktop Services, Chrome Remote Desktop, Zoho Assist, ISL Online, Parallels, AnyDesk, Remote Utilities for Windows and VNC Connect.

What are the risks of using remote access apps?

If a critical vulnerability is identified in the remote access application, organizations can quickly face a difficult problem. Failure to apply remediation/mitigation measures allows attackers access to internal resources of the organization. If remote work tools are interfered with and blocked, the business continuity of organizations can be affected. For most companies, both scenarios may simply be unacceptable.

It’s good to keep the following threats in mind when exposing your organization’s resources to the Internet:

  • Data leaks: Data leaks can occur if the application does not use proper encryption to transmit information between devices or if systems are compromised.
  • Phishing attacks can target users who access remote access applications in order to obtain their credentials directly or by causing them to download and run malware.
  • Distributed Denial of Service (DDoS) attacks on network access points. This type of attack can disrupt the organization’s operations by blocking or hindering access to its systems/resources.
  • Using remote access applications can be a gateway to ransomware, programs that can encrypt data and demand a ransom for its recovery, or other types of malware.

There are also other scenarios that present different risks. Examples include overload caused by strong user growth, a deficiency in the number of licenses/accounts, or unintended disruptions to core systems.

Apps dedicated to remote work are very attractive to cyber attackers because:

  • They do not always trigger security tools. Remote access applications are often used for legitimate purposes, so they generally blend into the environment and do not trigger antivirus (AV), antimalware, or Endpoint Detection and Response (EDR) defenses. Remote Management and Monitoring (RMM) applications are signed with valid code signing certificates issued by trusted certificate authorities and are unlikely to be considered suspicious by AV and EDR applications. Most of the time, the installation path of the RMM application is excluded from the EDR inspection.
  • They do not require extensive functionality development. Remote access provided by applications allows cyber attackers to circumvent the need to use or create custom malware such as remote access trojans (RATs). The way remote access applications are legitimately used by network administrators is similar to the way RATs are used by attackers.
  • They can allow cyber attackers to bypass application management control policies. While bypassing security measures may be necessary, remote access applications can be downloaded as standalone portable executables, allowing attackers to bypass both administrator rights requirements and application management control policies.
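A detection sketch for the three points above, added here as an example and not taken from DNSC or any vendor: because these tools are validly signed, the check ignores the signature and looks at where the executable ran from and on which host. The keyword list, event field names, host names and log lines are assumptions constructed for illustration.

```python
import json
from pathlib import PureWindowsPath

# Assumed, illustrative keywords based on product names listed in the article;
# a real rule would use the organization's own inventory of approved tools.
RMM_KEYWORDS = ("anydesk", "teamviewer", "splashtop", "logmein", "vnc")
# Locations a standard user can write to without administrator rights.
USER_WRITABLE = ("\\downloads\\", "\\desktop\\", "\\appdata\\", "\\temp\\")

# Constructed process-creation events, one JSON object per line (not real telemetry).
SAMPLE_EVENTS = r'''
{"host": "WS-014", "image": "C:\\Users\\maria\\Downloads\\AnyDesk.exe", "signed": true}
{"host": "IT-ADMIN-01", "image": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe", "signed": true}
{"host": "WS-022", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "signed": true}
{"host": "WS-031", "image": "C:\\Users\\dan\\AppData\\Local\\Temp\\TeamViewerQS.exe", "signed": true}
'''

def classify(event, approved_hosts):
    """Return the reasons an event is suspicious, or [] if it is not."""
    image = event["image"]
    name = PureWindowsPath(image).name.lower()
    if not any(keyword in name for keyword in RMM_KEYWORDS):
        return []  # not a remote access tool we track
    reasons = []
    # A valid signature is deliberately ignored: these tools are legitimately
    # signed, so "signed" says nothing about who started the session.
    if any(marker in image.lower() for marker in USER_WRITABLE):
        reasons.append("portable copy run from a user-writable path")
    if event["host"] not in approved_hosts:
        reasons.append("host is not approved for remote access tools")
    return reasons

def find_alerts(log_text, approved_hosts):
    """Parse JSON-lines events and return (host, executable, reasons) tuples."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reasons = classify(event, approved_hosts)
        if reasons:
            name = PureWindowsPath(event["image"]).name
            alerts.append((event["host"], name, reasons))
    return alerts

if __name__ == "__main__":
    for host, name, reasons in find_alerts(SAMPLE_EVENTS, {"IT-ADMIN-01"}):
        print(f"{host}: {name}: {'; '.join(reasons)}")
```

The installed copy on the approved administration host produces no alert, while both portable copies on ordinary workstations do, even though every event is marked as signed.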

Cybercriminals use your phone as a remote control

On the other hand, more and more Romanians are tricked into installing remote access applications such as AnyDesk, TeamViewer or QuickSupport, practically giving cybercriminals a direct “remote control” to their phone or laptop, warn lawyers specializing in digital crime and complex online fraud litigation. Lawyers Buju Stanciu and Associates issue a firm public appeal to the population: never accept the installation of remote control applications (such as AnyDesk, TeamViewer or Zoho Assist), when requested by unknown persons, “investment consultants”, “brokers”, “account managers” or alleged fundraisers.

The message is clear and direct: the request to install such an application is the first signal of a fraud in progress.

Frauds that start with a single click

In recent years there has been an alarmingly high number of cases of people being harmed by fake investment schemes, non-existent crypto platforms or so-called “financial assistance”. They all have one thing in common: the fraudster asks for access to the phone or laptop, under the pretext of helping the victim to “install the app”, “unlock the funds” or “recover losses”.

Once granted access, fraudsters can enter banking applications, initiate transfers, change passwords and take control of the device. Most damage is generated within minutes.

According to the data communicated by DIICOT, in just one investment fraud case it was estimated that approximately 33,000 people were defrauded, with a loss of approximately 89 million euros.

At European level, Europol shows that online fraud and investment scams have become one of the main threats to citizens, with millions of victims targeted or affected each year, especially through digital platforms, aggressive advertising and call center calls.

International data confirm the same phenomenon:

• In the UK, the national authority Action Fraud reported losses of over £50 million in a single year from fraud based on remote access applications alone.

• Similar reports from Canada and other jurisdictions rank investment scams as the number one cause of damage to retail investors.

• European studies on investment fraud show that these online schemes represent a distinct and growing segment of financial crime, fueled by the anonymity and speed of the digital environment.

In parallel, international bodies such as the Financial Action Task Force (FATF) draw attention to the fact that such crimes rely on global infrastructures, use “crime-as-a-service” services and combine wire transfers, crypto-assets and front companies to mask funds.

The conclusion is technically simple, but legally serious: we are talking about an industrialized crime, which causes damages of hundreds of millions of euros and which starts, in many cases, from a seemingly minor gesture: installing a remote access application on a phone or computer.

According to European reports, groups involved in such fraud operate across borders, use dedicated telecommunications infrastructures and networks of bank accounts or crypto addresses distributed across multiple jurisdictions. This reality makes recovering money difficult, but not impossible, when the reaction is quick and the technical evidence is collected correctly from the beginning.

Recommendations

1. Do not install remote control applications at the request of someone you neither know personally nor have a clear contractual relationship with

2. Do not allow access to the phone or laptop to anyone in the context of “investment”, “quick profits” or “recovery of lost funds”

3. Do not make additional payments for “fees”, “taxes” or “commissions” required to “unlock” amounts apparently won on unknown platforms

4. If you have already provided access and suspect fraud:

◦ contact the bank immediately,

◦ change passwords,

◦ save screenshots and conversations,

◦ contact the Police / DIICOT.