Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
AnyDesk confirmed recently that a cyberattack has affected their product systems. The hackers accessed the source code and private code signing keys.
Initially, the 170,000 customers remote access software company claimed an unplanned maintenance to explain why client logins failed between January 29th and February 1st. A few days later, on February 2nd, AnyDesk announced they suffered a system breach.
For the moment, AnyDesk says there is no evidence that the attack impacted end-user devices.
Their current statement says:
We have revoked all security-related certificates and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one.
Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end user devices.
Source – AnyDesk public statement
The remote access software company says customers can safely continue to use AnyDesk. However, they recommend using the latest versions, 7.0.15 and 8.0.8, that have a new code signing certificate.
Additionally, AnyDesk revoked all passwords in use for my.anydesk.com. Also, they advised users to change similar passwords they might have reused on other platforms.
AnyDesk system breach impact on MSPs worldwide
Managed Service Providers (MSPs) use AnyDesk to perform remotely various tasks on clients` devices:
- Remote support and troubleshooting,
- System maintenance and updates,
- Network management,
- IT asset management, etc.
According to security specialists, threat actors getting access to the AnyDesk portal could reveal details on:
- number of active connections
- duration of sessions
- customer ID and contact data
- used license key
- what emails match with certain accounts, etc.
MSPs should be on guard for supply chain attacks and only use the latest AnyDesk versions mentioned above.
While 18,000 of AnyDesk users` credentials are already for sale on the dark web, MSPs should be aware of potential credential compromise.
Stolen credentials can lead to unauthorized access to systems and sensitive information, data breaches and network compromise.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
Heimdal® Remote Desktop Software
- Connect to any device and operating system;
- Invite more supporters to the same session;
- Connect from the Heimdal dashboard or desktop agent;
- Double encryption with RSA 2048/4096 and AES-256;
