AnyDesk, a widely used remote access software provider, has confirmed a significant breach of its production systems. The incident, first reported by BleepingComputer, involved unauthorized access in which source code and private code signing keys were reportedly stolen.
The Breach and Its Implications
AnyDesk, known for its remote access solutions popular among enterprises and individual users, acknowledged the cyberattack after detecting unusual activity on its production servers. The company has over 170,000 customers, including giants like 7-Eleven, Comcast, Samsung, and the United Nations, so the breach’s potential impact is substantial.
Company’s Response to the Incident
Upon discovering the breach, AnyDesk initiated a comprehensive security audit, confirming the system compromise. They engaged cybersecurity firm CrowdStrike for assistance and have since been working on a robust response plan. While ransomware was ruled out as a cause, specific details of the attack’s nature remain undisclosed.
Measures Taken by AnyDesk
In response to the breach, AnyDesk has taken several critical steps:
- Revocation of compromised security-related certificates.
- Remediation and replacement of affected systems.
- Reassurance to customers about the safety of using AnyDesk, emphasizing no evidence of end-user device impact.
The company has stressed that AnyDesk remains secure for use, urging customers to update to the latest version featuring a new code signing certificate.
Password Revocation and Security Advice
Although no authentication tokens were reportedly stolen, AnyDesk has proactively revoked all passwords to their web portal. They advise users to change their passwords, especially if the same password is used on other sites. The company has emphasized the design of their session authentication tokens, which reportedly cannot be stolen as they are uniquely tied to the user’s device.
Replacement of Code Signing Certificates
AnyDesk has begun issuing new code signing certificates, with the recent version 8.0.8 featuring this update. This step is critical, as certificates are generally invalidated only if compromised. Users are strongly recommended to switch to the new version of the software.
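One way to act on this advice across Windows endpoints, as an added example that is not from AnyDesk or the original article: a PowerShell inventory that lists AnyDesk executables with their file version and Authenticode signer, and flags copies older than 8.0.8. The search roots, the `AnyDesk*.exe` file-name filter and the revoked-certificate thumbprint placeholder are assumptions; the article does not give a thumbprint.

```powershell
# Added example: inventory AnyDesk binaries and flag copies that predate 8.0.8
# or whose signer matches a certificate you know to be revoked.
param(
    # Assumption: where to look; adjust to how AnyDesk is deployed in your estate.
    [string[]]$Roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, "$env:SystemDrive\Users"),
    # Placeholder: thumbprint(s) of the revoked certificate, taken from the vendor advisory.
    [string[]]$RevokedThumbprints = @('<REVOKED-CERT-THUMBPRINT>')
)

# First release the article says carries the new code signing certificate.
$minVersion = [version]'8.0.8'

$findings = foreach ($root in $Roots | Where-Object { $_ -and (Test-Path $_) }) {
    # Assumption: installed and portable copies keep an AnyDesk*.exe file name.
    Get-ChildItem -Path $root -Filter 'AnyDesk*.exe' -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        # A file with no version resource reports 0.0.0 and is flagged as old.
        $vi   = $_.VersionInfo
        $ver  = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate

        $reasons = @()
        if ($ver -lt $minVersion)    { $reasons += 'version below 8.0.8' }
        if ($sig.Status -ne 'Valid') { $reasons += "signature status: $($sig.Status)" }
        if ($cert -and $RevokedThumbprints -contains $cert.Thumbprint) {
            $reasons += 'signed with revoked certificate'
        }

        [pscustomobject]@{
            Path            = $_.FullName
            Version         = $ver
            SignatureStatus = $sig.Status
            Signer          = if ($cert) { $cert.Subject } else { $null }
            Thumbprint      = if ($cert) { $cert.Thumbprint } else { $null }
            NotAfter        = if ($cert) { $cert.NotAfter } else { $null }
            NeedsAction     = $reasons -join '; '
        }
    }
}

# Review every row, not only flagged ones: unexpected locations are worth a look too.
$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
```

A `Valid` signature status alone does not tell you which certificate signed the file, which is why the script also reports the signer thumbprint for comparison.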
Connection to Recent Maintenance and Outage
A reported four-day outage starting January 29th, during which AnyDesk disabled client login capabilities, was initially unexplained. However, AnyDesk has now confirmed this maintenance was related to the cybersecurity incident.
Broader Context of Cybersecurity Breaches
This incident at AnyDesk is part of a growing trend of high-profile breaches. Recent examples include Cloudflare’s disclosure of a hack using stolen Okta authentication keys and Microsoft’s revelation of being targeted by Russian state-sponsored hackers.