Popular remote access software AnyDesk disclosed last week that hackers breached their systems and stole valuable assets. An investigation revealed that source code and private code signing keys were exfiltrated during the incident.
AnyDesk is utilized by over 170,000 organizations for remote administration and support. Customers include major companies like 7-Eleven, Comcast, Samsung, MIT, NVIDIA, Siemens, and even the United Nations.
The easy-to-use software allows users to securely connect to other devices over the internet. This accessibility makes it valuable not only for legitimate IT purposes but also for cybercriminals seeking unauthorized access.
Details of the AnyDesk Hack
AnyDesk first detected signs of the breach after observing unusual activity on their production servers. They promptly assembled an incident response team with assistance from cybersecurity firm CrowdStrike.
Examining the scale of the intrusion, investigators determined the source code and code signing keys were stolen. Ransomware was ruled out, although details remain scarce.
In a statement, AnyDesk confirmed that while the situation is now contained, servers were definitely compromised in the attack. As part of remediation efforts, impacted systems have been replaced or restored.
Additionally, certificates related to the software’s security have been revoked. New certificates are now active to prevent potential misuse of the stolen ones.
No Evidence of End-User Impact
While the attack clearly breached infrastructure storing valuable intellectual property, AnyDesk believes end-users remain unaffected. According to their investigation:
- No personally identifiable data or credentials were accessed in the incident.
- Authentication tokens are created locally on devices and were not compromised.
- No evidence suggests ongoing session hijacking or account breaches.
“Our systems are designed not to store private keys, security tokens, or passwords that could be exploited to connect to end-user devices.”
Despite these assurances, the company has taken the precaution of resetting all passwords associated with their web portal. Users who reuse the same credentials on additional services are encouraged to set a unique new password.
Mitigating AnyDesk Cyberattack Fallout
To limit the fallout of the attack, AnyDesk has released an updated client version containing the new certificate. All users should upgrade to this latest build immediately.
“We can confirm that the situation is under control and it is safe to use AnyDesk. Please ensure you use the latest version with the new code signing certificate”, reads the report.
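One way to check a Windows fleet against that advice is to inventory every AnyDesk executable and report which certificate signed it. The script below is an added example, not code from AnyDesk or from the report; the file name pattern, the search roots and both thumbprint values are assumptions, and the thumbprints are placeholders to be filled in from the vendor's advisory because this article does not list them.

```powershell
# Added example: report the signing certificate of each AnyDesk executable found.
param(
    # Assumed search roots: install locations plus user profiles (portable copies).
    [string[]]$SearchRoot = @($env:ProgramFiles, ${env:ProgramFiles(x86)},
                              $env:ProgramData, "$env:SystemDrive\Users"),
    # Assumed file name pattern for the client binary.
    [string]$Pattern = 'AnyDesk*.exe',
    # Placeholders: take the real values from the vendor's advisory.
    [string[]]$RevokedThumbprint = @('<REVOKED-CERT-THUMBPRINT>'),
    [string[]]$CurrentThumbprint = @('<NEW-CERT-THUMBPRINT>')
)

$roots = @($SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) })
if ($roots.Count -eq 0) { Write-Warning 'No search root exists on this host.'; return }

$files = Get-ChildItem -Path $roots -Filter $Pattern -File -Recurse -ErrorAction SilentlyContinue

$results = foreach ($file in $files) {
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $cert = $sig.SignerCertificate

    # The thumbprint match is tested before Status, so a binary signed with the
    # old certificate is reported as such whatever Status says.
    $verdict = if (-not $cert) { 'UNSIGNED' }
    elseif ($RevokedThumbprint -contains $cert.Thumbprint) { 'OLD-CERT' }
    elseif ($sig.Status -ne 'Valid') { "INVALID ($($sig.Status))" }
    elseif ($CurrentThumbprint -contains $cert.Thumbprint) { 'OK' }
    else { 'UNKNOWN-SIGNER' }

    [pscustomobject]@{
        Verdict     = $verdict
        Path        = $file.FullName
        FileVersion = $file.VersionInfo.FileVersion
        Subject     = if ($cert) { $cert.Subject } else { $null }
        Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
        NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
    }
}

# Anything other than OK needs follow-up: upgrade it, or investigate where it came from.
$results | Sort-Object Verdict, Path | Format-Table -AutoSize -Wrap
```

Hosts that report OLD-CERT still run a build from before the certificate change and should be upgraded; UNSIGNED, INVALID or UNKNOWN-SIGNER copies warrant a closer look at how the file got there.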
Although AnyDesk remains confident in user security, enabling two-factor authentication provides an extra layer of account protection. Users should also closely monitor devices for suspicious remote access and reset AnyDesk passwords.
Implementing strong, unique passwords across services reduces the risk of accounts being compromised in future cyberattacks. Reusing the same passwords drastically elevates an organization’s risk.
With software vulnerabilities frequently targeted by hackers, routine patching and updating is critical. Out-of-date clients and plugins expose users to potential data theft or service disruption.
The AnyDesk cyberattack exemplifies the growing information security threats facing businesses today. Implementing core best practices and enabling security features helps mitigate organizational risk.