Suggestions

AnyDesk’s Cyber-Attack: Customer Data Leaked

February 5, 2024
by
1 min read

TLDR:

  • Remote desktop software provider AnyDesk experienced a cyberattack that compromised its production systems.
  • The attackers stole source code and private code signing keys, but there is no evidence that user devices were affected.
  • AnyDesk has revoked all security certificates and passwords and has implemented remediation measures.

Popular remote desktop software provider AnyDesk has confirmed that its production systems were compromised in a cyberattack. The attackers were able to steal source code and private code signing keys and gain access to the company’s production systems. AnyDesk immediately activated a remediation and response plan with the help of cybersecurity experts CrowdStrike. The company believes the threat actor is now out of its network and has revoked all security-related certificates and web portal passwords.

The hack did not involve ransomware, and AnyDesk has found no evidence that end-user devices were affected. The company’s systems are designed not to store private keys, security tokens, or passwords that could be exploited to connect to end-user devices. AnyDesk assures users that it is safe to use the software but recommends updating to the latest version and changing passwords if the same credentials are used elsewhere.

However, two days after AnyDesk’s public statement, cybersecurity firm Resecurity discovered that multiple threat actors are selling compromised AnyDesk login credentials on both the clear and dark web. One of these threat actors listed over 18,000 AnyDesk customer credentials for sale on a prominent dark web forum. Resecurity and other threat intelligence providers believe that these compromised credentials are the result of end customer compromise via stealer malware, rather than the direct breach of AnyDesk’s systems.

Resecurity argues that cybercriminals familiar with the initial incident are rushing to monetize the available customer credentials before users take proactive measures to reset their credentials. AnyDesk’s maintenance period from January 29 to February 1 likely prevented many customers from changing their access credentials, allowing bad threat actors to access details about customers. AnyDesk recommends that users contact the company for more information on their potential impact and advises them to change passwords, use whitelisting and multifactor authentication, and monitor customer accounts for suspicious activity.

Post Views: 77

Adrian Johnson

Latest from Blog

Bridging the cyber talent gap: tips for CISOs

TLDR: – Global cyber threats have increased twofold in recent years, leading to a talent gap of nearly 4 million cyber professionals worldwide. – Existing cyber staff are under strain, with vacancies

North Korean hackers pivot to ransomware attacks

TLDR: North Korean hackers from APT45 have shifted from cyber espionage to ransomware attacks APT45 has targeted critical infrastructure and is linked to ransomware families SHATTEREDGLASS and Maui A North Korea-linked threat

Cyber insurance evolves to cover all your online needs

TLDR: Cyber insurance coverage is evolving to help raise security baselines across businesses. Only one-quarter of companies have a standalone cyber insurance policy. In today’s evolving cybersecurity landscape, cyber insurance coverage is