
AnyDesk Hacked: Revokes Passwords, Certificates in Response

AnyDesk is revoking certificates and passwords in response to a significant security breach impacting production systems.


AnyDesk Software, the Germany-based developer of the popular remote access software, informed customers on Friday about a significant security breach. 

According to the company, a security audit triggered by suspicious activity led to the discovery that AnyDesk production systems were compromised. Little information has been shared on the attack itself, but AnyDesk has clarified that the incident “is not related to ransomware”.

“We have revoked all security-related certificates and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one,” AnyDesk said.

It added, “Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end user devices. As a precaution, we are revoking all passwords to our web portal, my.anydesk.com, and we recommend that users change their passwords if the same credentials are used elsewhere.”

AnyDesk called in CrowdStrike to help investigate and remediate the incident, and authorities have been notified. The company claims to be confident that AnyDesk is safe to use, but urged customers to ensure that they are using the most recent version with the new code signing certificate.

The brief description of the incident suggests that the company may have been targeted in an attempted supply chain attack. These types of attacks could have severe consequences as they can allow threat actors to deliver trojanized software to the victim’s customers. 

AnyDesk says its software has been downloaded more than 800 million times by users around the world.


Cybersecurity firm Resecurity reported shortly after the breach came to light that an individual has offered to sell the credentials of more than 18,000 AnyDesk customers on a prominent cybercrime forum. The seller is asking for $15,000 in cryptocurrency. 

The credentials were apparently obtained with the aid of information-stealer malware that had compromised AnyDesk users’ systems. While the sale of credentials does not appear to be directly related to the breach, Resecurity believes cybercriminals are in a rush to monetize the credentials before they are changed by users as recommended by the vendor in response to the breach.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
