AnyDesk’s Swift Response to Cyber Attack Mitigates Potential Global Security Threat

  • Last updated March 18, 2024
  • Written by Editor

Popular remote monitoring and management software firm AnyDesk has suffered a severe cybersecurity breach that compromised its production systems and led to the leakage of source code and code signing certificates. The incident, disclosed after the company detected “indications of an incident” starting in mid-January, has put the tech world on high alert.

The breach’s discovery prompted immediate action from AnyDesk, which employed cybersecurity giant CrowdStrike to implement a remediation and incident response plan. The company also informed the relevant authorities, demonstrating its commitment to transparency and security.

The investigation traced the start of the suspicious activity to December 2023, establishing how far back the intrusion reached.

AnyDesk faced a significant outage lasting four days from January 29, 2024, which disrupted client logins as a direct result of the cyber attack. In response, AnyDesk took the decisive step of revoking all its code signing certificates. These certificates are crucial because a valid signature assures users that software originates from a verified publisher and has not been altered since it was signed.

“We have revoked all security-related certificates, and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one,” AnyDesk confirmed, underlining its proactive measures to safeguard its platform and user trust.

Fortunately, there’s no evidence that customer data or devices were compromised or that ransomware was deployed during the attack.

“Our systems are designed not to store private keys, security tokens, or passwords that could be exploited to connect to end-user devices,” explained AnyDesk, showcasing the robustness of its security architecture.

Despite the gravity of the situation, AnyDesk has reassured its customers of the software’s integrity and safety. “To date, we have no evidence that any end-user devices have been affected. We can confirm that the situation is under control and it is safe to use AnyDesk,” the company reported, urging customers to download the latest version, which is signed with the new code signing certificate.

Matt Sparrow, Senior Intelligence Operations Analyst at Centripetal, commented on the attack’s significance, applauding AnyDesk’s swift detection and certificate revocation as exemplary actions by a prepared security team.

However, the incident’s shadow lingered as 18,000 AnyDesk customer credentials were discovered for sale on the dark web.

AnyDesk clarified that these credentials were not a direct result of the cyber attack but were instead harvested through stealer malware infections, emphasizing the complex nature of cybersecurity threats today.

In a digital age where the security of remote access software is paramount, AnyDesk’s incident sheds light on the continuous threats facing technology providers and the critical importance of rapid, transparent, and effective incident response strategies.

AnyDesk’s handling of this cyber attack—from detection to remediation—serves as a crucial case study in maintaining security and trust in the increasingly interconnected and vulnerable digital landscape.

To enhance online privacy and security, utilizing tools such as a VPN becomes even more relevant, offering an additional layer of protection against potential cyber threats.
