Remote desktop software maker AnyDesk has recently revealed that it fell victim to a cyberattack resulting in a compromise of its production systems. The German company discovered the incident during a routine security audit. Although it was not a ransomware attack, AnyDesk has taken immediate action to address the breach and has notified relevant authorities.
Nature of the Attack
AnyDesk clarified that the cyberattack was not a ransomware incident. While specific details about the breach were not disclosed, the company has taken precautionary steps to mitigate any potential damage. Revoking all passwords to its web portal, my.anydesk.com, AnyDesk is urging users to change their passwords, especially if they have been reused on other online platforms. This move ensures that compromised passwords cannot be utilized across multiple services.
Details of the breach
The exact date and methods used to breach AnyDesk’s production systems were not disclosed, leaving this information ambiguous. The company is actively investigating the matter to determine the extent of the attack and identify any potential vulnerabilities that may have been exploited.
No impact on end-user systems
AnyDesk emphasized that there is currently no evidence suggesting that end-user systems have been affected by the breach. This reassurance provides some relief to the numerous clients utilizing AnyDesk’s remote desktop software.
Earlier Maintenance Alert
Concerns about AnyDesk’s security were initially raised when Günter Born of BornCity reported that the software had been under maintenance since January 29th. While it remains unclear whether this maintenance window was directly related to the cyber attack, the incident has raised questions about AnyDesk’s overall security protocols.
Prominent customers at risk
Having amassed a customer base of over 170,000, AnyDesk has a broad reach, serving renowned companies such as Amedes, AutoForm Engineering, LG Electronics, Samsung Electronics, Spidercam, and Thales. The breach potentially puts these enterprises and others at risk, raising concerns about the safety of their sensitive data and proprietary information.
Related Incident: Cloudflare Breach
Coincidentally, AnyDesk’s announcement closely follows Cloudflare’s disclosure of a breach perpetrated by a suspected nation-state attacker who gained unauthorized access to their Atlassian server. This unauthorized access allowed the intruder to obtain some documentation and a limited amount of source code. The Cloudflare breach highlights the persistent threats faced by companies in the technology sector.
Threat actors are advertising customer credentials
With the cyber attack on AnyDesk being made public, cybersecurity firm Resecurity has reported the discovery of two threat actors advertising a substantial number of AnyDesk customer credentials for sale on Exploit[.]in. One of the threat actors, known by the online alias “Jobaaaaa,” appears to be capitalizing on the attack and attempting to monetize the stolen credentials.
Potential motives and rush to monetize
The precise means by which these customer credentials were obtained remains unknown. However, Resecurity suggests that cybercriminals may be rushing to exploit the situation and monetize these credentials before users have the opportunity to reset their passwords. This reinforces the importance of maintaining unique and secure passwords to safeguard personal and organizational accounts.
AnyDesk’s recent disclosure of a cyberattack highlights the ongoing threats faced by technology companies worldwide. While the specifics of the breach have not been fully revealed, the company has taken necessary precautions by revoking passwords and encouraging users to change them. AnyDesk’s prompt response and transparency serve as a reminder to both individuals and organizations alike to remain vigilant, practice good password hygiene, and prioritize cybersecurity in an increasingly interconnected digital landscape.