Critical Security Breach at AnyDesk – Immediate Actions Required
AnyDesk, a leading remote access software provider, has recently confirmed a significant cybersecurity breach involving unauthorised access to its production servers. This incident led to the theft of sensitive data, including source code and private code signing keys. The breach was first identified through signs of compromise on their product servers, prompting an immediate security audit conducted with assistance from cybersecurity experts at CrowdStrike.
The audit confirmed system compromises, leading to the revocation and replacement of security certificates and systems. Despite these measures, the potential impact on end-user devices appears to be minimal, with no evidence of compromised user sessions or stolen authentication tokens. However, out of an abundance of caution, AnyDesk has reset all passwords for their web portal and advises users to change their passwords, especially if the same credentials are used on other sites.
Upgrade to the Latest AnyDesk Version Immediately: Ensure all devices utilising AnyDesk are updated to version 8.0.8, which incorporates a new, secure code signing certificate. This step is critical as previous versions will become invalid once the old certificate is revoked.
Password Reset Protocol:
- Immediate Action: Reset passwords for AnyDesk web portal access without delay.
- Cross-Platform Security: If the AnyDesk password is used elsewhere, change those passwords as well to prevent cross-site vulnerabilities.
Continuous Monitoring and Alerting:
- CTRL will continue its monitoring efforts to detect any unusual activities that could indicate a breach or misuse of remote access tools. This includes monitoring for unauthorised access attempts and other suspicious activities.
- In the event of any security concerns, CTRL will promptly inform affected parties and provide guidance on immediate protective actions to be taken.