AnyDesk reported that hackers have gained unauthorized access to the company’s production systems through an unexpected attack.
The well-known remote desktop application developer, Anydesk Software GmbH, based in Germany, recently disclosed that hacking has damaged its production systems.
In particular, the company experienced a four-day downtime from January 29 to February 1, 2024, which prevented customers from using the AnyDesk client.
A compromised system has been found by AnyDesk, which provides services to 170,000 clients, including the United Nations AutoForm Engineering, Samsung Electronics, Thales, LG Electronics, Siemens, MIT, Comcast, NVIDIA, Spidercam, United Nations, and 7-Eleven. The attackers stole the source code and code signing certificates, which are still significant and might jeopardize the program’s integrity.
When AnyDesk discovered the issue, it contacted CrowdStrike to conduct a thorough security audit. The company quickly implemented its incident response strategy, revoked security-related certificates, and replaced or fixed any compromised systems. Even though ransomware was not used in the hack, attention turned to fixing the breach and guaranteeing user safety.
Moreover, AnyDesk replaced or corrected its systems and revoked all security-related certifications. It also intends to replace the outdated Code Signing Certificate for binaries with a new one.
As a security measure, the company has also removed all passwords on its website, my.anydeskcom. The incident has also been reported to the appropriate authorities.
AnyDesk did not disclose the specifics of the production system hacking incident, including information theft and session hijacking, although claiming no proof of any end-user systems being impacted. According to the firm, users shouldn’t be alarmed by the hack because it never keeps passwords, security tokens, or private keys on hand.
An indication of the seriousness of the hack is the rapidity at which stolen Code Signing certificates are being replaced. Released on January 29, version 8.0.8 proactively responds to any compromises with the name changed from ‘philandro Software GmbH’ to ‘AnyDesk Software GmbH’. It is important to note that certificates are only valid if they are hacked.
On January 29, AnyDesk blocked logins without providing a reason during a four-day maintenance window. The connection between the maintenance and the security lapse event was made clear when access was restored.
Recommendations to the AnyDesk User
However, AnyDesk advises clients to download the most recent version of AnyDesk 8.0.8, which features a new code signing certificate, and to change their passwords if repeated on other online sites.
In the blog post, the company stated, “As of right now, we have no evidence that any end-user devices have been affected.” “We can certify that AnyDesk may be used safely and that this issue is controlled. Ensure you are running the most recent version with the updated code signing certificate.
We will keep providing context and insight as events occur to enable you to receive more precise information to help reduce risk in your environment. Stay Tuned with us!
The post AnyDesk Production Systems Breached: Change Password and Update to Latest Version appeared first on EncryptedFence by Certera - Web & Cyber Security Blog.
