AnyDesk Reveals Details on Recent Cyber Incidents [Update Jan 7]
AnyDesk, the remote desktop software company, has released another statement and FAQ detailing its response to a recent cyber security incident.
According to the new statement, AnyDesk detected suspicious activity and conducted a security audit with the help of cyber experts at CrowdStrike. Evidence was found of compromised production systems, though no customer data or end-user devices appear to have been affected. The company states it immediately enacted remediation measures in cooperation with authorities.
It's a December Hack, Not Mid-January
AnyDesk initially said it detected suspicious activity in mid-January, but the company now says that, according to its diligent forensic investigation, the incident had started in late December 2023.
"The situation is under control and it is safe to use AnyDesk," the company says in the FAQ. It confirms the incident was not caused by ransomware or extortion.
On precautionary password resets, AnyDesk explains that while credentials were likely not breached, it "cannot rule out the theoretical possibility" during a limited time window. The company has therefore required all my.anydesk.com users to change their passwords.
AnyDesk's credential handling architecture aims to prevent private keys or passwords from being stored in ways that could be exploited to remotely access customer systems. In transit, credentials are secured by TLS/SSL encryption between client devices and the my.anydesk.com servers. Only two relay servers in Europe were impacted.
"Even to read credentials from these extremely limited connections, the attackers would have had to rewrite the very extensive code of our software in the very short time available," states the FAQ.
The company asserts it has found no evidence that its code signing certificate was misused to spread malicious AnyDesk versions. All relevant security certificates have been revoked. Users are advised to only download the software directly from AnyDesk.
The FAQ rejects speculation about the potential for hijacked remote sessions and malware spread through compromised AnyDesk code, stating thorough reviews found no such issues.
The company emphasizes that all versions of AnyDesk downloaded from official sources remain safe to use. However, it recommends updating to the latest versions 7.0.15 and 8.0.8 out of an abundance of caution.
AnyDesk credentials are listed for sale on hacking forums
A day later, AnyDesk issued a statement regarding the AnyDesk credentials listed on the darknet. The company said it is aware of credentials for AnyDesk customer accounts circulating on the darknet.
"These credentials were not exfiltrated from AnyDesk systems and are not related to the incident. Rather, they appear to be old information obtained from end-user devices infected with malware e.g. information stealers."
Some users call for more details on the nature of the compromise. "Information from which I can get an idea of what exactly happened is still missing," a user commented on the Borncity post.
Mac Users Update Your Client too!
Initially, when the hack was reported, AnyDesk pushed a security update for the Windows version only. The company has now also released the security update for the macOS version, with the same text in the changelog: "Security update: Exchanged code signing certificate. The previous certificate will be invalidated soon." Mac users are therefore also strongly recommended to update their AnyDesk clients immediately.