AnyDesk, a remote desktop application company with 170,000 customers globally, confirmed its production systems were hacked.
AnyDesk, headquartered in Germany, markets its software as a way to connect to, access and control practically any device from practically anywhere. Its uncluttered user interface and broad feature set have made it an increasingly popular choice.
AnyDesk Hacked: What Led to the Hack?
On February 2, 2024, AnyDesk published an advisory disclosing a security incident that compromised the company's production systems. The news arrived in the same week in which the FBI director warned of Chinese state-backed hackers targeting U.S. organizations and Cloudflare disclosed a breach of its own.
The advisory, released on Friday, said: “We conducted a security audit and found evidence of compromised production systems.” Beyond that notification, AnyDesk has not yet disclosed the cause of the incident. The consequences for AnyDesk, and for its brand reputation, could be significant.
The advisory implies that AnyDesk's code signing certificate was among the assets affected: the company said it was revoking all security-related certificates and replacing the code signing certificate used for its binaries. At the same time the company announced unplanned maintenance, and logins to its customer portal failed for almost three days, leaving customers in the dark. According to the client changelog, the previous code signing certificate had already been replaced on January 29, which points to that certificate having been compromised. The company has not, however, formally confirmed that the certificate was stolen.
Is AnyDesk Used By Hackers? A History of AnyDesk Phishing Scams
Despite its legitimate uses, AnyDesk has repeatedly made the news because of its popularity with attackers. Security researchers have observed hackers and scammers using AnyDesk to carry out cyber crimes and fraud in recent years.
In one incident reported in 2022 by NewsWires, a fraudster posing as an agent from HSBC's fraud department coerced a woman in the UK into downloading and installing AnyDesk on her PC.
Once the victim follows the instructions and installs AnyDesk, the remote operator gains full control and can use the victim's machine at will, for anything from financial fraud to wholesale theft of personal data. Uninstalling AnyDesk afterwards does not undo what the attacker did while connected: credentials may already have been stolen, and other remote access tools or malware may have been installed that preserve the attacker's access to the PC, tablet, or mobile device. For large organizations the stakes are higher still, since AnyDesk is also used by nation-state actors and ransomware gangs as a remote access tool in sophisticated intrusions and ransomware attacks that cost companies millions.
To curb such abuse, AnyDesk has introduced fraud prevention measures intended to keep use of the application safe and its customers secure.
AnyDesk Hacked: Should You Worry?
In response, AnyDesk announced that it has implemented its remediation plan and is working closely with the relevant authorities. The advisory states that the company took immediate action to secure the affected production systems and contain the situation.
Security researchers have also pitched in to help organizations detect and mitigate the risk. Florian Roth, founder of Nextron Systems, published a YARA rule that detects binaries signed with the affected code signing certificate in your environment.
I have created a YARA rule to detect binaries that are signed with a potentially compromised AnyDesk signing certificate
(if the PE header info isn’t AnyDesk -> other binaries signed with the compromised cert) #100DaysOfYARA #AnyDesk https://t.co/W42dTSWj0K https://t.co/y7o5LWOKJs pic.twitter.com/AAyL0jJdmZ
— Florian Roth (@cyb3rops) February 2, 2024
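A rule of the kind the tweet describes, written here as an added example rather than Florian Roth's published rule or any code from AnyDesk. It assumes the YARA pe module and a placeholder serial number; replace the placeholder with the serial of the revoked AnyDesk certificate, in the lowercase colon-separated form the pe module uses, before running it.

```yara
import "pe"

/*
  Added example, not Florian Roth's published rule and not code from AnyDesk.
  The serial below is a PLACEHOLDER: replace it with the serial number of the
  revoked AnyDesk code signing certificate, formatted the way YARA's pe module
  exposes it (lowercase hex bytes separated by colons).
*/

rule SUSP_PE_Signed_With_Revoked_AnyDesk_Cert
{
    meta:
        description = "PE file carrying an Authenticode signature made with the AnyDesk code signing certificate revoked after the February 2024 breach"
        author      = "added example"

    condition:
        // MZ header, at least one signature, and the known-bad serial on any of them
        uint16(0) == 0x5A4D
        and pe.number_of_signatures > 0
        and for any i in (0 .. pe.number_of_signatures - 1) : (
            pe.signatures[i].serial == "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff"   // PLACEHOLDER serial
        )
}

rule SUSP_Revoked_AnyDesk_Cert_On_Non_AnyDesk_Binary
{
    meta:
        description = "Binary signed with the revoked AnyDesk certificate whose version resource does not claim to be AnyDesk; a candidate for something signed by whoever holds the stolen key"
        author      = "added example"

    condition:
        // Reuse the first rule, then require that the file does not present itself as AnyDesk
        SUSP_PE_Signed_With_Revoked_AnyDesk_Cert
        and not pe.version_info["CompanyName"] contains "AnyDesk"
}
```

Run it recursively over a host with `yara -r rules.yar <path>`. The first rule is expected to match legitimate AnyDesk builds signed before the revocation as well; that is intentional, since those installers and clients need to be replaced by a version signed with the new certificate. The second rule has a known gap: a file with no version resource leaves `pe.version_info["CompanyName"]` undefined, and YARA evaluates the whole condition as false, so an attacker who strips the version information slips past it; on YARA 4.2 or later, add `not defined pe.version_info["CompanyName"] or` in front of the `contains` check to treat a missing CompanyName as suspicious too. A match on either rule only tells you which certificate signed the file; whether the file is malicious still needs triage.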
For AnyDesk the incident is, of course, a major embarrassment, but the company's statement that the safety of its users remains paramount, and its apparent determination to track down the root cause and fix it, seem credible. AnyDesk has not yet explained what exactly went wrong and is presumably still investigating how the initial breach occurred. As that investigation proceeds, users can expect further updates and support from the company.
Although the company said it had found no evidence that end-user devices were affected, it is advisable to watch for any signs of suspicious activity. AnyDesk users should take sensible precautions: change their portal password (AnyDesk revoked all passwords for my.anydesk.com as a precaution) and any other account that reused the same credentials, update the AnyDesk client to the latest version, which is signed with the new code signing certificate, and enable two-factor authentication.
Some security professionals recommend disabling AnyDesk until the cause of the incident is known, and in general the software should only be installed where it is genuinely needed. Any suspicious or unauthorized activity should be reported to AnyDesk's customer support.
For more cybersecurity news and updates, follow us on Cybersecurity – The SOC Labs.