AnyDesk Security Breach

AnyDesk Security Breach

AnyDesk, a popular remote access solution, recently confirmed that it experienced a cyberattack on its production systems, resulting in unauthorized access. While detailed information about the compromised data has not been disclosed, the breach involved the theft of the source code and code signing certificates. Following the attack, AnyDesk assured users that the software remains safe after implementing necessary security measures.

Although AnyDesk stated that no authentication tokens were stolen, the company recommended canceling all passwords on its web portal and advised users to change their passwords as a precautionary measure. AnyDesk emphasized that session authentication tokens remain on users' devices and cannot be stolen from its systems.

The company promptly replaced the stolen code signing certificates, as evidenced by the release of AnyDesk version 8.0.8 under the name 'AnyDesk Software GmbH' on January 29th. Interestingly, the attack coincided with a four-day outage starting on January 29th, during which AnyDesk disabled login capabilities. The company confirmed this outage was related to the cybersecurity incident, and access was restored shortly after.

Affected Systems

All Systems are affected

IoC’s

-

Recommended Solution(s)

As the old certificates are soon to be revoked, users are strongly advised to update to the latest version of AnyDesk to ensure their security. Additionally, despite AnyDesk's assurance that passwords were not stolen, users are recommended to change their passwords as an extra precaution.

Mitigations

-

CVE / CWE

CVE code is not published

Related Website(s)

• https://anydesk.com/en/public-statement

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.