AnyDesk Confirms Breach Of Its Production Systems

Table of Contents

AnyDesk, a popular remote desktop software, on Friday, announced that it suffered a recent cyberattack that compromised its production systems.

AnyDesk Confirms Breach Of Its Production Systems

For those uninitiated, AnyDesk provides platform-independent remote access to personal computers and other devices running the host application. It provides remote access, file transfer, and VPN features.

It has over 170,000 customers, including Amedes, AutoForm Engineering, Comcast, LG Electronics, 7-Eleven, Samsung Electronics, Spidercam, MIT, NVIDIA, Siemens, Thales, and more.

Acknowledging the security incident in a public statement on Friday, AnyDesk said they became aware of the accident upon discovering unusual signs of intrusion on their product servers.

Following the detection, the German-based company immediately conducted a security audit and activated a remediation and response plan involving cyber security experts CrowdStrike.

AnyDesk said that the remediation plan has been concluded successfully, and the relevant authorities with whom they are working very closely have been notified. The company also clarified that the security incident was not a ransomware attack.

“We have revoked all security-related certifications and systems have been improved or replaced where necessary. We will shortly revoke the previous code signing certificate for our binaries and have already started replacing it with a new one,” the company said in a public statement on Friday.

The German company also added that its systems are designed not to store private keys, security tokens, or passwords that could be exploited to connect to end-user devices.

However, as a precaution, AnyDesk has revoked all passwords to its web portal, my.anydesk.com. It also recommends that users change their passwords if the same credentials are used on other websites. Not only this, but it has also urged users to use the latest version with the new code signing certificate.

“To date, we have no evidence that any end-user devices have been affected. We can confirm that the situation is under control and it is safe to use AnyDesk. The integrity and trust in our products is of paramount importance to us and we are taking this situation very seriously,” it added.

While a report by BleepingComputer mentions that source code and private code signing keys were stolen during the cyberattack, AnyDesk has not confirmed any of it.

“AnyDesk is designed in a way which session authentication tokens cannot be stolen. They only exist on the end user’s device and are associated with the device fingerprint. These tokens never touch our systems. We have no indication of session hijacking as to our knowledge this is not possible,” AnyDesk told BleepingComputer in a statement about the attack.