Remote Log in on my "protected" Laptop

Bill_Adams

Since they make it impossible to just contact support with a question I'll post it here. I need someone from Bit Defender to convince me why I should even keep my subscription. I caught someone in the early morning that had remoted into my personal laptop. I saw the cursor moving and then noticed a yellow band around the screen. As soon as I sat down (camera was not blocked as I usually have it, they left. I immediately went and changed all of my passwords, wiped that laptop (windows10) and got a new laptop that could run Windows 11, as my research showed 10 was no longer safe, and will be sunsetted next October. So I am doubting that I have the correct solution on my PC's when something like that could happen.

Gjoksi

Hello.

I'll tag @Alexandru_BD, who works for Bitdefender.

Regards.

Alexandru_BD

Hello @Bill_Adams,

I'm sorry to hear what happened to you.

Did you change anything on that device lately, are you aware of any programs that might have been installed, and does anyone else usually have access to that device? Remote access like this can be unsettling, that's for sure. Can you think of any reasons why someone would login remotely on your device, anyting in particular that they could be looking for? If the device was wiped, I think it's impossible to determine exactly how someone could have gained access to your laptop.. We can only make assumptions at this stage. Sometimes, remote access tools or malicious software exploit vulnerabilities in operating systems or other installed software, and may allow attackers to bypass antivirus protections. Regular updates help mitigate these, but the antivirus alone can't catch ALL unknown or newly emerging threats. If there was an operating system vulnerability that was not patched by installing the latest update, then this may have been a way in. As far as I know, Windows 10 has remote desktop and other remote assistance features, which can be unintentionally enabled. If misconfigured or used without strict authentication, these can allow unauthorized access.

Also, attackers can often gain initial access through phishing attacks or social engineering, prompting users to grant access unknowingly. Once in, attackers may install backdoors to maintain access. But again, we are shooting arrows in the dark here, we can't possibly know how they gained access, based solely on the information you shared above. We don't know if Bitdefender was fully functional at that time, if all security modules were enabled, if access was granted unknowingly, etc. If the product was still installed after the security event, I think the Support engineers might have had a chance to trace down the root cause and find out how this attack unfolded, or at least they could have tried, but under the given circumstances there isn't much that can be done, really.

I think that by upgrading to a Windows 11 device, you've already taken solid steps toward increased security.
Going forward, additional measures like enabling multi-factor authentication, a password manager, and disabling unused remote access features can enhance your protection further.
And of course, having an antivirus installed will boost your defenses against more sophisticated attacks.
Especially now, since apparently someone gained access to your device remotely, for some reason. And if they targeted you once, there's no guarantee they won't try again, if the security is weak.

That's all I have to say.

Regards,

Alex