The Attack: A Malicious Actor gets Unauthorized Access to Unattended Devices 

Depending on the remote support tool and the settings in place, getting unattended access to a device might be as easy as guessing the credentials to either an agent’s or an endpoint’s remote support account. While most tools have features in place to make that process more secure, we’ve engineered our process to minimize risk as much as possible.  

Example Scenarios 

There are two different scenarios in which a hacker could get unauthorized unattended access to a device.  

1. Compromising the End User’s Remote Access Account 

Example:

You have a remote support tool that uses a specific user ID and password to get unattended access to your device, and have it set up so that incoming session requests are not shown.  

A hacker gets access to your user ID and password either through various strategies such as a keylogger or social engineering.  

They open that same remote access tool on their device, type in your credentials, and get full control to your device, without your knowledge. 

2. Compromising the Technician’s Remote Access Account 

Example:

You have a remote access tool with unattended access already set up for several devices, with settings enabled so that you don’t need to enter credentials before connecting each time. 

A hacker compromises your remote access tool account. Note that even if you have MFA enabled, this doesn’t mean your account is totally safe. Determined hackers can use a variety of methods such as social engineering to compromise your MFA as well.  

The hacker now has unrestricted access to all devices that don’t require user credentials.