I’ve been covering scams for a long time. And the one thing that’s in common with all these scams is that the scammers will use tools like AnyDesk to get access to your PC (or Mac, or your cell phone). That’s why this blog post from AnyDesk caught my eye. Here’s what you need to know:
AnyDesk, the world’s leading provider of remote access software, announced today the creation of the AnyDesk Anti-Fraud Taskforce. “This task force is dedicated to stopping fraud in real-time. We partner with various creators and scam baiters to take a proactive approach to fraud prevention” said Matthew Caldwell, one of the company’s fraud prevention specialists.
AnyDesk has already shut down several call centers, preventing fraudulent activity by severing the connections to thousands of devices in real-time. By partnering with experienced “scam baiters” such as KitBoga, ScammerPayback, and Jim Browning, who intentionally bait the call centers and waste their time, AnyDesk can take action and ban these call centers in a proactive manner. “As always, these scammers adapt and will switch to other remote access solutions. We would love to build something bigger here, and urge other remote access companies to work with us” said Jim Browning, a prominent YouTuber and expert on scam baiting.
In collaboration with Jim Browning, the AnyDesk Anti-Fraud Taskforce has started to explore a partnership with the internationally renowned spam-fighting company, SpamHaus. “This work is expected to inspire collaboration amongst competitors and is planned to include a list of shared non-descriptive identifiers that can be used to stop fraud on a global level”, says Caldwell. Collaboration of this level will ensure when a user has been flagged for engaging in fraud, the information will be shared amongst other remote access companies, so they can collectively combat misuse.
To kick off the project, AnyDesk is establishing the Fraud Fighters Foundation as well as pledging $10,000 to fraud prevention efforts. Funds will go towards education and reimbursement of victims and will be distributed by the foundation under recommendation from the AVAH Outreach Group. The AVAH Outreach Group specializes in preventing fraud by monitoring call centers and intervening to protect victims mid scam call. Caldwell continues, “We’re looking forward to building something amazing here, and we would love to get other companies involved – A proactive approach is always better than a reactive one.”
This is a big move. Starting with the fact that they are working with well known “scam baiters” who are people who specialize in going after scammers and collecting info on the scams so that they can expose not only the scams, but the people behind them. Now if AnyDesk can get other remote access software companies like TeamViewer for example to work with them, that will make these scams a lot harder for scammers to execute. Thus I really hope that this effort gains momentum as the scumbags behind these scams deserve to have their lives be as miserable as possible.
AnyDesk Pwned…. Which Is Kind Of Ironic If You Ask Me
Posted in Commentary with tags AnyDesk, Hacked on February 5, 2024 by itnerd
First let me get to the top level item. Remote access software provider AnyDesk has put out a statement that said the following:
Following indications of an incident on some of our systems, we conducted a security audit and found evidence of compromised production systems. We immediately activated a remediation and response plan involving cyber security experts CrowdStrike. The remediation plan has concluded successfully. The relevant authorities have been notified and we are working closely with them. This incident is not related to ransomware.
We have revoked all security-related certificates and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one.
Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end user devices. As a precaution, we are revoking all passwords to our web portal, my.anydesk.com, and we recommend that users change their passwords if the same credentials are used elsewhere.
To date, we have no evidence that any end-user devices have been affected. We can confirm that the situation is under control and it is safe to use AnyDesk. Please ensure that you are using the latest version, with the new code signing certificate.
Well, this is not trivial. It seems like the threat actor was trying to pull off some sort of supply chain attack where the threat actor pwns AnyDesk to pwn AnyDesk customers. At this point it looks like they got stopped before any real damage was done. But we’ll have to see if that’s true in the coming days, weeks, and months as companies who are downstream victims of a supply chain attack will often find out that they got pwned much later. Having said that, if you use AnyDesk, it might be worth your while to bring in an expert now to make sure you haven’t got pwned in any way.
What’s ironic about this is the fact that AnyDesk for many years has been the tool of choice by threat actors in general, but more specifically scammers who are often based in India to get and maintain persistent access to victims’ computers. Now to be fair to AnyDesk, they have been trying to fight back against this with the help of some well known scam baiters. But for them to get pwned is a bit ironic.