In a startling revelation, AnyDesk Software, the Germany-based developer renowned for its remote access software, has disclosed a significant security breach that has left customers on edge. The company, in a communication to its users on Friday, divulged that a security audit prompted by suspicious activities unearthed compromises within AnyDesk's production systems.
While details regarding the nature of the attack remain scant, AnyDesk has moved swiftly to reassure its user base, affirming that the incident "is not related to ransomware." In response to the breach, AnyDesk has taken decisive action, revoking all security-related certificates and undertaking remediation measures. The company has also opted to replace the previous code signing certificate for its binaries with a new one.
"We have revoked all security-related certificates and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one," stated an AnyDesk spokesperson.
Furthermore, the company has underscored its commitment to user security, affirming that its systems are meticulously designed to avoid storing sensitive information such as private keys, security tokens, or passwords that could potentially be exploited by malicious actors. As a precautionary measure, AnyDesk has initiated the revocation of all passwords to its web portal, urging users to promptly update their login credentials.
In a bid to comprehensively address the breach, AnyDesk has enlisted the expertise of cybersecurity firm CrowdStrike to conduct an exhaustive investigation and facilitate remediation efforts. Authorities have also been notified of the incident.
Despite the gravity of the breach, AnyDesk maintains that its software is safe to use. However, the company has urged users to exercise caution and ensure they are running the latest version of the software, which is signed with the new code signing certificate.
The aftermath of the breach has seen cybersecurity firm Resecurity raise additional concerns, reporting that an individual has surfaced on a prominent cybercrime forum offering to sell the credentials of over 18,000 AnyDesk customers. The asking price for this trove of credentials stands at a staggering $15,000 in cryptocurrency.
Nick Hyatt, Director of Threat Intelligence at BlackPoint, provided insight into the credentials being offered for sale. Hyatt revealed, "While the credentials are legitimate AnyDesk credentials, they are part of a compilation of credentials amassed from previous infostealer dumps." This sheds light on how threat actors capitalize on breaking news to exploit previously acquired credentials.
Hyatt further emphasized the importance of password hygiene, stating, "This is a good example of threat actors using breaking news to try and turn a quick buck with previously existing credentials." He underscored the necessity of unique passwords for every application, cautioning users to promptly change their AnyDesk passwords and ensure the software is updated to the latest version for enhanced security.
AnyDesk Software, boasting over 800 million downloads worldwide, now finds itself grappling with the aftermath of this security incident, which underscores the ever-present threats confronting organizations in the digital age.