AnyDesk confirmed on Friday February 2nd 2024 that it suffered a recent cyberattack that allowed hackers to gain access to the company’s production systems according to bleeping computer’s articles.
Who or What is AnyDesk?
AnyDesk is a remote access solution that allows users to remotely access computers over a network or the internet. The program is very popular with the enterprise, which use it for remote support or to access colocated servers.
The software is also popular among threat actors who use it for persistent access to breached devices and networks.
The company reports having 170,000 customers, including 7-Eleven, Comcast, Samsung, MIT, NVIDIA, SIEMENS, and the United Nations.
What have AnyDesk Said?
As part of their response, AnyDesk says they have revoked security-related certificates and remediated or replaced systems as necessary. They also reassured customers that AnyDesk was safe to use and that there was no evidence of end-user devices being affected by the incident.
“We can confirm that the situation is under control and it is safe to use AnyDesk. Please ensure that you are using the latest version, with the new code signing certificate,” AnyDesk said in a public statement.
While the company says that no authentication tokens were stolen, out of caution, AnyDesk is revoking all passwords to their web portal and suggests changing the password if it’s used on other sites.
It’s also recommending that users download the latest version of the software, which comes with a new code signing certificate.
AnyDesk did not disclose when and how its production systems were breached. It’s currently not known if any information was stolen following the hack. However, it emphasized there is no evidence that any end-user systems have been affected.
Recommendations
With any breach, it is always best to follow a direct course to protecting your data and other systems. Below are some recommendations from us here at Eknotec on how you can protect your data.
AnyDesk Recommendations
- Change all passwords on other sites that are the same as the one used for the AnyDesk websites and portals.
- Consider disabling AnyDesk in your environment, either by disabling the agent through GPO or blocking at a network level until more is known.
- Update to the latest version of the software.
Eknotec Recommendations
- Check for Suspicious Activity – Regularly monitor your accounts for any unusual activity, such as unrecognized logins or transactions. Many online services offer activity logs or notifications that can help you keep track of your accounts.
- Enable 2-factor or multifactor authentications if possible – this allows you to be able to use your mobile phone or even a biometric such as your face, fingerprint etc. to add an additional layer of security to access your accounts.
- Use a password manager – the best advice we can offer is to never use the same password for everything. Making use of a password manager will prevent you have to remember multiple passwords which results most of the time in using the same password.
- Be aware of phishing attempts – phishing has proven to be the ideal vector for threat actors as we aren’t always aware of how to recognize phishing emails. There are many free security awareness training programs online you can learn from.
Following these recommendations are an added layer of protection for your data and systems. To learn more continue to follow us or reach out to us “Contact”.
Sources:
- “AnyDesk says hackers breached its production servers, reset passwords”, By Lawrence Abrams, February 2, 2024, https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/
- “AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset“, Feb 03, 2024
- “AnyDesk confirms production systems were breached”, By ED TARGETT, February 2, 2024, https://www.thestack.technology/anydesk-hacked/