AnyDesk Software GmbH, the German developer of popular remote access software, has disclosed a significant security breach that prompted a security audit. While details about the attack remain limited, AnyDesk clarified that it’s not related to ransomware. The company has taken immediate actions, revoking all security-related certificates and remediating or replacing compromised systems.
Nature of the Breach: AnyDesk emphasizes that the breach is unrelated to ransomware, but the exact nature of the attack remains undisclosed. Security certificates have been revoked, and affected systems are either remediated or replaced as necessary. AnyDesk is vigilant about not storing exploitable data like private keys, security tokens, or passwords, but as a precaution, all passwords to the web portal are being revoked.
Precautionary Measures: To enhance security, AnyDesk is revoking the previous code signing certificate for its binaries and replacing it with a new one. The company recommends users change their passwords, especially if the same credentials are used elsewhere. AnyDesk has engaged CrowdStrike to investigate and remediate the incident, and relevant authorities have been notified.
Potential Supply Chain Attack: The brief description of the incident raises concerns about a potential supply chain attack. Such attacks pose severe risks as they can allow threat actors to deliver trojanized software to victims’ customers. AnyDesk urges users to ensure they are using the most recent version with the new code signing certificate.
Credential Sale Aftermath: Following the breach, cybersecurity firm Resecurity reported that an individual is offering to sell credentials of over 18,000 AnyDesk customers on a cybercrime forum for $15,000 in cryptocurrency. These credentials were allegedly obtained through information-stealing malware that compromised AnyDesk users’ systems. Cybercriminals are in a rush to monetize the credentials before users change them in response to the breach.
Conclusion: Despite the security breach, AnyDesk asserts that its software is safe to use. However, users are strongly encouraged to update to the latest version with the new code signing certificate. The incident highlights the ongoing challenges and risks in the cybersecurity landscape, emphasizing the importance of prompt action and vigilance in the face of evolving threats.