Cybersecurity Breach: AnyDesk Takes Action
AnyDesk, a prominent provider of remote desktop software, has disclosed a breach of its systems that required immediate action.
Security Incident Uncovered
Following a rigorous security audit, AnyDesk uncovered the breach within its production systems. It’s noteworthy that this incident is not classified as a ransomware attack. The company has promptly informed the appropriate authorities about the breach.
Mitigation Steps Implemented
In response to the breach, AnyDesk swiftly took measures to address the security lapse. All security-related certificates were revoked, and systems were remediated or replaced as necessary. Additionally, the company is in the process of replacing its previous code signing certificate with a new one.
User Passwords Revoked
As a precautionary measure, AnyDesk has revoked all passwords associated with its web portal, my.anydesk[.]com. Users are strongly advised to change their passwords, especially if the same credentials are used across multiple online platforms.
Software Update Encouraged
To bolster security, AnyDesk recommends that users download the latest version of the software, which includes an updated code signing certificate.
Timeline of Events
While the exact timing and method of the breach remain undisclosed, AnyDesk is diligently working to ascertain the extent of the intrusion. However, there is currently no evidence to suggest that end-user systems have been compromised.
Earlier reports by Günter Born highlighted maintenance activities on AnyDesk’s systems starting from January 29, with resolution achieved by February 1. Additionally, previous alerts regarding service disruptions were issued on January 24.
AnyDesk caters to a diverse clientele, boasting over 170,000 customers worldwide, including notable entities like Amedes, AutoForm Engineering, LG Electronics, Samsung Electronics, Spidercam, and Thales.
In a separate incident, cybersecurity firm Resecurity uncovered alarming findings. Two threat actors, including one identified as “Jobaaaaa,” were found advertising a substantial number of AnyDesk customer credentials for sale on Exploit[.]in. These credentials could potentially be exploited for technical support scams and phishing activities.
Escalation of Concerns
Resecurity’s investigation revealed the sale of 18,317 accounts for $15,000 in cryptocurrency, with transactions facilitated through an escrow agreement on a cybercrime forum. Moreover, screenshots shared by the threat actor indicate unauthorized access as recent as February 3, 2024, following the public disclosure of the breach.
Despite efforts to mitigate the breach, the possibility remains that some customers have yet to change their access credentials. This underscores the urgency for affected parties to take proactive measures in securing their accounts.
In conclusion, the AnyDesk breach serves as a stark reminder of the persistent threats posed by cyber adversaries. As the company continues its efforts to reinforce security measures, users are strongly advised to remain vigilant and promptly implement recommended security protocols to safeguard their data and systems against potential risks.