Overview
Government entities and organizations in Ukraine are on high alert after the Computer Emergency Response Team of Ukraine (CERT-UA) uncovered a social engineering campaign targeting unsuspecting users with malicious AnyDesk requests.
The attackers are impersonating CERT-UA, a legitimate government agency, to trick victims into granting remote access to their computers using AnyDesk, a popular remote desktop application.
Here’s a breakdown of the attack and how to stay safe:
Deceptive Tactics
- Impersonation: Attackers are using the CERT-UA name, logo, and even a specific AnyDesk ID (1518341498, though this may change) to establish trust with potential victims.
- Pretext for Access: The attackers claim to be conducting a “security audit” to check the level of protection on the target’s device.
CERT-UA’s Clarification
CERT-UA has confirmed that it may use remote access tools like AnyDesk in specific situations. However, they emphasize that such actions only occur “with prior approval” established through official communication channels.
Indicators of Compromise
- Unsolicited AnyDesk connection requests, particularly those mentioning a security audit.
- AnyDesk requests from users named “CERT-UA” or with the AnyDesk ID 1518341498 (be wary of variations).
Recommendations to Stay Safe
- Be Wary of Unsolicited Requests: Never grant remote access to your device unless you have initiated the request and can confirm the identity of the person on the other end.
- Multi-Factor Authentication: Enable multi-factor authentication on any remote access software you use for an extra layer of security.
- Verification is Key: If you’re unsure about the legitimacy of a remote access request, contact the organization the requester claims to represent through a verified communication channel (e.g., phone number from the official website).
- Only Use When Needed: Disable remote access software when not in use to minimize the attack surface.
- Report Suspicious Activity: If you encounter a suspicious AnyDesk request claiming to be from CERT-UA, report it to the agency immediately.
By following these steps, you can significantly reduce the risk of falling victim to this impersonation attempt and protect your devices from unauthorized access.
By staying informed about common social engineering tactics and implementing strong security practices, especially during these times of heightened geopolitical tensions, you can make it significantly harder for attackers to gain a foothold in your systems.
