AnyDesk Confirms Compromised Systems, But No Ransomware Involved
After uncovering evidence of compromised production systems within its network, AnyDesk, a remote access software provider, has assured the public that ransomware was not involved in the incident. The company released a disclosure post on its website last week, detailing the discovery and subsequent actions taken to address the issue.
AnyDesk did not disclose when the attack took place or the precise nature of the cyberattack it experienced. However, the company reported that it had activated a remediation and response plan and had engaged the cybersecurity firm CrowdStrike to assist in addressing the situation. It stated that the remediation efforts had been successful.
In response to the compromised systems, AnyDesk has taken several proactive measures to address the security concerns. The company has revoked all security-related certificates, and has remediated or replaced systems where necessary. Additionally, AnyDesk is in the process of revoking previous code-signing certificates for its binaries.
As part of its efforts to protect its users, AnyDesk has advised customers to install the latest version of the software, with version 8.0.8 specified for Windows users. The recommendation comes with a warning that the old code-signing certificate will soon be revoked, which is why updating to the latest version matters.
Out of an abundance of caution, AnyDesk has also revoked all passwords to its web portal and has urged users to change their passwords if they have used the same credentials elsewhere. The company added that it has not found any evidence of end-user devices being affected by the incident.
However, a blog post from security vendor Resecurity has raised concerns about potential data breaches resulting from the compromised systems. According to the post, more than 18,000 AnyDesk customer credentials have been listed for sale on the dark web forum Exploit[.]in. These credentials are believed to have been obtained through infostealer infections, posing a significant threat to the security and privacy of AnyDesk users.
When contacted for clarification regarding the completion of certificate replacement and the reports of credentials being sold on the dark web, AnyDesk did not respond by press time.
While AnyDesk has assured its users that the situation is under control and that it is safe to continue using the software, the potential risks associated with the compromised data remain a cause for concern. As the company continues to address the aftermath of the incident, users are advised to remain vigilant and take appropriate precautions to safeguard their personal and sensitive information.
In light of the evolving cybersecurity landscape, incidents such as these serve as a timely reminder of the importance of robust security measures and proactive responses to potential threats. As AnyDesk continues to navigate the aftermath of the compromised systems, the cybersecurity community, as well as the company’s users, will be closely monitoring the situation for further developments.