On Friday, AnyDesk disclosed a cyber intrusion compromising its production systems. Following a security check, the German firm confirmed the incident, clarifying it as non-ransomware, and promptly notified authorities.
The corporation stated, “We have revoked all security-related certificates and systems have been remediated or replaced where necessary.” “We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one.”
Furthermore, AnyDesk has revoked all passwords to its website, my.anydesk[.]com, and advised users to reset them if they’ve reused them on other online services.
Additionally, it suggests downloading the newest program, which comes with a fresh code signing certificate.
AnyDesk did not disclose how its production systems were compromised, and the impact on data remains unknown. According to the company, no end-user systems have been affected.
BornCity’s Günter Born disclosed AnyDesk’s January 29 maintenance this week. The firm addressed the issue on February 1, following reports of “intermittent timeouts” and “service degradation” with their Customer Portal on January 24.
Over 170,000 customers, including Amedes, AutoForm Engineering, LG, Samsung, Spidercam, and Thales, rely on AnyDesk.
This revelation follows Cloudflare’s disclosure of a suspected nation-state attacker using stolen credentials to access its Atlassian server, gaining access to certain documentation and source code.
Update# Resecurity has identified two threat actors, one of them named “Jobaaaaa,” who has advertised a “significant number of AnyDesk customer credentials for sale at Exploit[.]in.” This raises concerns about potential utilization for “technical support scams and phishing.”
The threat actor offered 18,317 accounts for $15,000 in cryptocurrencies and agreed to an escrow transaction on a cybercrime website.
“Notably, the timestamps visible on the shared screenshots by the actor illustrate successful unauthorized access dated February 3, 2024 (post-incident disclosure),” it stated. “It is possible that not all customers have changed their access credentials, or this mechanism was still ongoing by the affected parties.”
Resecurity cautioned that fraudsters might be hastening to monetize consumer details since passwords could have been changed.
AnyDesk has declared its software “safe to use” following the cyberattack.
AnyDesk directed The Hacker News to its updated public statement, affirming that all “official sources” of their tool are secure. Customers are advised to download versions 7.0.15 and 8.0.8 as well.
A second FAQ from the corporation indicates that a security examination conducted in mid-January 2024 uncovered corrupted production systems. It also confirms that there have been no observed harmful source code alterations or malicious programs deployed to clients through AnyDesk platforms.
MANAGED CYBERSECURITY SOLUTIONS
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.