Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Supply Chain Security

AnyDesk Hacked: Revokes Passwords, Certificates in Response

AnyDesk is revoking certificates and passwords in response to a significant security breach impacting production systems.

AnyDesk hack

AnyDesk Software, the Germany-based developer of the popular remote access software, informed customers on Friday about a significant security breach. 

According to the company, a security audit triggered by suspicious activity led to the discovery that AnyDesk production systems were compromised. Little information has been shared on the attack itself, but AnyDesk has clarified that the incident “is not related to ransomware”.

“We have revoked all security-related certificates and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one,” AnyDesk said.

It added, “Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end user devices. As a precaution, we are revoking all passwords to our web portal, my.anydesk.com, and we recommend that users change their passwords if the same credentials are used elsewhere.”

AnyDesk called in CrowdStrike to help investigate and remediate the incident and authorities have been notified. The firm claims to be confident that AnyDesk is safe to use, but urged customers to ensure that they are using the most recent version with the new code signing certificate.

The brief description of the incident suggests that the company may have been targeted in an attempted supply chain attack. These types of attacks could have severe consequences as they can allow threat actors to deliver trojanized software to the victim’s customers. 

AnyDesk says its software has been downloaded more than 800 million times by users around the world.

Advertisement. Scroll to continue reading.

Cybersecurity firm Resecurity reported shortly after the breach came to light that an individual has offered to sell the credentials of more than 18,000 AnyDesk customers on a prominent cybercrime forum. The seller is asking for $15,000 in cryptocurrency. 

The credentials were apparently obtained with the aid of information-stealer malware that had compromised AnyDesk users’ systems. While the sale of credentials does not appear to be directly related to the breach, Resecurity believes cybercriminals are in a rush to monetize the credentials before they are changed by users as recommended by the vendor in response to the breach.

Related: Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies

Related: North Korean Software Supply Chain Attack Hits North America, Asia 

Related: New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jill Popelka has been appointed CEO at Darktrace, after serving as COO for three months.

GitHub has appointed Alexis Wales as its new Chief Information Security Officer.

Cybersecurity and intelligence solutions provider Nightwing has appointed Christopher Jones as CTO and CDO.

More People On The Move

Expert Insights