Late Friday (Feb. 02, 2024), the infosec community on X (formerly Twitter) erupted with controversy over reports that a German-based company named “AnyDesk” had been compromised.
A series of posts by X users revealed that the remote access software company's production systems had been hacked, resulting in the data of over 170,000 customers being leaked.
AnyDesk has also officially confirmed these rumours in an article published on its website. Describing the incident in the blog article dated 02 February 2024, the German-based company stated that:
“Following indications of an incident on some of our systems, we conducted a security audit and found evidence of compromised production systems.”
The incident was noticed when customers were unable to log in to their systems, resulting in login failures and unplanned maintenance said to have been initiated by AnyDesk without notifying the general public. Further analysis of the situation revealed that a code signing certificate was invalidated on the 29th January 2024, hinting that these certificates might have been corrupted or compromised.
Upon noticing the incident, AnyDesk initiated a response plan with the CrowdStrike cybersecurity team and confirmed the actions taken, stating that:
“We immediately activated a remediation and response plan involving cyber security experts CrowdStrike. The remediation plan has concluded successfully. The relevant authorities have been notified and we are working closely with them.”
Although the general public was thrown into panic due to the rise in ransomware attacks, AnyDesk has debunked the rumour, stating that the incident was in no way related to a ransomware attack.
Analyzing the posts from the X infosec community, here is a little insight into security experts' opinions regarding this incident.
Mitigation:
AnyDesk has since remediated this issue by replacing all security-related certificates and systems, while also revoking its previous code signing certificate and replacing it with a new one.
Users of its products are also advised to change their passwords, as previous passwords have been revoked.
On system configuration, data storage, and password-related issues, AnyDesk stated that:
“Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end user devices. As a precaution, we are revoking all passwords to our web portal, my.anydesk.com, and we recommend that users change their passwords if the same credentials are used elsewhere.”
The organisation, which has customers in over 190 geolocations and its headquarters in Germany, assured the public that there has been no evidence that end-user devices were affected or exploited in the wild. It also affirmed this by saying:
“We can confirm that the situation is under control and it is safe to use AnyDesk.”
The company also urged users to download the latest version of its products, along with the new signing certificate. For further information and enquiries, users can visit AnyDesk.
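To act on the advice above, an administrator can inventory the AnyDesk binaries on a Windows host and see which certificate signed each one. The following PowerShell is an added example, not code from AnyDesk or from the original article; the revoked certificate's thumbprint is a placeholder to be filled in from the vendor's advisory, and the search locations are assumptions.

```powershell
# Added example: list AnyDesk executables and report which certificate signed them.
# Placeholder: replace with the thumbprint of the revoked certificate from the vendor advisory.
$RevokedThumbprint = '<THUMBPRINT-OF-REVOKED-CERTIFICATE>'

# Assumed search locations (installed and portable copies); adjust for your environment.
$SearchRoots = @(
    ${env:ProgramFiles(x86)},
    $env:ProgramFiles,
    $env:ProgramData,
    "$env:SystemDrive\Users"
) | Where-Object { $_ -and (Test-Path $_) }

$results = Get-ChildItem -Path $SearchRoots -Filter 'AnyDesk*.exe' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate

        # Compare the signer explicitly instead of relying on the status field alone.
        $verdict = if (-not $cert) {
            'UNSIGNED'
        } elseif ($cert.Thumbprint -eq $RevokedThumbprint) {
            'SIGNED-BY-REVOKED-CERT'
        } elseif ($sig.Status -ne 'Valid') {
            'SIGNATURE-NOT-VALID'
        } else {
            'OK'
        }

        [pscustomobject]@{
            Verdict         = $verdict
            Path            = $_.FullName
            FileVersion     = $_.VersionInfo.FileVersion
            SignatureStatus = $sig.Status
            Signer          = if ($cert) { $cert.Subject } else { $null }
            Thumbprint      = if ($cert) { $cert.Thumbprint } else { $null }
            SerialNumber    = if ($cert) { $cert.SerialNumber } else { $null }
            CertNotAfter    = if ($cert) { $cert.NotAfter } else { $null }
        }
    }

# Anything other than OK should be replaced with the current release from the vendor.
$results | Sort-Object Verdict, Path | Format-List
```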
Remember to always stay safe, and be vigilant 🛡️!