On Friday February 2nd, 2024, remote desktop software vendor AnyDesk disclosed they had suffered a significant breach of their IT systems that was not ransomware related. This follows a maintenance outage of several days, which AnyDesk implemented on Tuesday January 30th.

AnyDesk did not detail the full extent of the breach, but confirmed it included the compromise of a sensitive code signing certificate. Code signing is a critical mechanism for enterprise software users, as it provides a high degree of certainty that a specific application is byte-for-byte identical to the code issued by the vendor. Historically, threat actors have targeted code signing certificates in order to exploit the trust placed in signed code.

Additionally, cybercrime operators have widely abused valid versions of AnyDesk remote management software.

AnyDesk has published an updated version of their remote desktop software that utilizes a new code signing certificate. AnyDesk has also forced password resets for all user accounts. Separately, there was a public report of 18K AnyDesk credentials being offered for sale in a criminal forum on Saturday February 3rd. While these accounts were likely stolen previously, it reinforces the need to apply MFA to your accounts, as threat actors may use this list to target known AnyDesk users despite the password reset.

What you should do:

While there is currently no indication that AnyDesk customers are being targeted in a campaign, out of an abundance of caution we recommend AnyDesk customers perform the following:
  • Install the latest version of the software.
  • Complete the password reset process.

Recommended Actions:

If you haven’t already, we also recommend AnyDesk users perform the following:
  • Enable Multi-Factor Authentication (MFA) on your AnyDesk accounts.
  • Evaluate whether AnyDesk software is necessary in your environment and consider leveraging Sophos Application Control tools to restrict the usage of AnyDesk software to only required instances.
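
To confirm on a Windows host where AnyDesk is present and which certificate signed each copy, the following is an added example (not part of the original advisory and not AnyDesk or Sophos tooling). The search roots and the `$OldCertSerial` placeholder are assumptions; replace the placeholder with the serial number of the superseded certificate as published by AnyDesk.

```powershell
# Added example: inventory AnyDesk binaries and their Authenticode signers.
# Assumptions: the search roots below; $OldCertSerial is a placeholder, not a real value.
param(
    [string[]]$SearchRoots = @(
        $env:ProgramFiles,
        ${env:ProgramFiles(x86)},
        $env:ProgramData,
        "$env:SystemDrive\Users"      # portable copies run from user profiles
    ),
    [string]$OldCertSerial = '<SERIAL-OF-SUPERSEDED-CERTIFICATE>'
)

$results = foreach ($root in $SearchRoots | Where-Object { $_ -and (Test-Path $_) }) {
    Get-ChildItem -Path $root -Filter 'AnyDesk*.exe' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate   # $null when the file is unsigned

            [pscustomobject]@{
                Path        = $_.FullName
                FileVersion = $_.VersionInfo.FileVersion
                SigStatus   = $sig.Status    # Valid, NotSigned, HashMismatch, ...
                Signer      = if ($cert) { $cert.Subject }      else { $null }
                Serial      = if ($cert) { $cert.SerialNumber } else { $null }
                ValidFrom   = if ($cert) { $cert.NotBefore }    else { $null }
                # Review anything unsigned or modified, and anything still
                # signed with the certificate AnyDesk has replaced.
                NeedsReview = ($sig.Status -ne 'Valid') -or
                              ($cert -and $cert.SerialNumber -eq $OldCertSerial)
            }
        }
}

# Files needing review are listed first.
$results | Sort-Object NeedsReview -Descending | Format-Table -AutoSize -Wrap
```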

SOURCE

Resecurity | Following the AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web

AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset (thehackernews.com)

Contact us if you have any questions or concerns.