
Note: Kyber Systems does NOT use AnyDesk services. 

Recently, AnyDesk encountered a security breach that impacted its operational infrastructure. This announcement followed a report by BornCity on service interruptions at AnyDesk. The company began maintenance in late January 2024 to recover from these issues. Last week, AnyDesk acknowledged a cyberattack, clarifying that it was not related to ransomware but had resulted in unauthorized access to its production systems, source code, and code signing keys, as reported by Bleeping Computer.

The breach was identified during a security check, leading AnyDesk to reset all user passwords on my.anydesk.com and advise users to change any similar passwords used elsewhere.

Despite the breach, it remains uncertain how effectively the attackers can utilize the accessed information. AnyDesk has stated that its systems do not retain private keys, security tokens, or passwords that could be misused for accessing user devices.

The significance of the security measures taken is underscored by Resecurity’s discovery of 18,317 customer credentials from AnyDesk being offered for sale on a dark web forum for $15,000 in cryptocurrency, highlighting the potential for scams and phishing attacks.

The incident may expose sensitive customer information, including license keys, session data, customer IDs, contact details, and the extent of remote access management software use among its clients. AnyDesk’s clientele includes major corporations like NVIDIA, Samsung, LG Electronics, Thales, and Comcast.

In light of the breach, Nick Hyatt from BlackPoint advises users to update their passwords proactively, citing similar security breaches involving Microsoft and Cloudflare. Some victims continue to use old passwords, and Resecurity’s findings suggest a broader issue with credential security. Hyatt emphasizes the importance of strong password practices and the use of multifactor authentication to prevent such cybersecurity incidents.

The breach has notably exposed AnyDesk not only to the theft of user credentials but also to the potential misuse of its source code and code signing certificates, further emphasizing the need for stringent security measures.