AnyDesk confirmed that a cyberattack on their production systems has taken place. This has caused AnyDesk users to become vulnerable to data breaches, phishing attacks, and malware. Barracuda MSP recommends updating to the latest version of AnyDesk for Windows (8.0.8) immediately and changing your AnyDesk password to prevent unauthorized access. Continue reading this Cybersecurity Threat Advisory for more information.
What is the threat?
AnyDesk, a remote desktop software provider, confirmed on Friday, February 2, 2024 that a cyberattack has affected their production systems. While they report that user data and access tokens remain secure, this breach could potentially lead to widespread follow-on attacks. Attackers could analyze the stolen source code and develop exploits, leading to data breaches, unauthorized access, and large-scale malware infections. Applications could be created with forged certificates and used in phishing campaigns. Users could be tricked into downloading malware, leading to identity theft, financial loss, and data exfiltration. This could further lead to disruption of business operations, loss of customers, and damage to the company’s reputation.
Why is it noteworthy?
The exact nature of the attack remains unknown. However, AnyDesk acknowledges that source code and code signing certificates were stolen. This raises two critical security concerns:
- Potential software vulnerabilities: Attackers could analyze the stolen source code to discover and exploit security weaknesses within the AnyDesk application.
- Code signing certificate compromise: Malicious actors could potentially forge legitimate-looking AnyDesk applications, creating opportunities for phishing and malware attacks.
While AnyDesk assures no end-user devices have been affected, the lack of complete transparency regarding attack methods leaves users with some uncertainty.
What is the exposure or risk?
The attack poses several potential risks:
- Software security: The stolen source code could be used to develop exploits targeting AnyDesk users, potentially leading to data breaches or unauthorized access.
- Phishing and malware: Forged applications signed with compromised certificates could trick users into downloading and executing malicious software.
- Reputational damage: Security incidents can erode user trust and negatively impact brand image.
The severity of these risks depends on various factors, including the attackers’ intentions and capabilities, the effectiveness of AnyDesk’s response, and user awareness and vigilance.
AnyDesk has implemented several measures to mitigate the risks:
- Revocation of passwords and certificates: All passwords to the AnyDesk web portal were revoked, and code signing certificates are being replaced.
- Software update: Users should download the latest version (8.0.8 for Windows) with a new certificate.
- Password reset: Users should change their AnyDesk password, especially if used elsewhere.
What are the recommendations?
Barracuda MSP recommends the following actions to reduce the impact of this breach:
- Users:
  - Update AnyDesk to the latest version immediately (8.0.8 for Windows; other binaries are still using the old certificate).
  - Change your AnyDesk password, especially if used for other services.
  - Remain vigilant and be cautious of any suspicious emails or applications related to AnyDesk.
- Organizations:
  - Assess the potential impact on your organization and its data due to AnyDesk usage.
  - Consider alternative remote desktop solutions depending on your risk tolerance and security requirements.
  - Implement additional security measures to protect against potential phishing and malware attacks.
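One way to check the update recommendation on a Windows host, as an added example that is not code from AnyDesk or Barracuda: it inventories AnyDesk executables, flags builds older than 8.0.8, and lists each file's Authenticode signer so it can be compared against the revoked certificate. The search roots, the `AnyDesk*.exe` file name pattern, and the `<REVOKED-CERT-SERIAL>` placeholder are assumptions; the advisory does not give the certificate's serial number.

```powershell
# Added example: audit AnyDesk binaries against the advisory's 8.0.8 recommendation.
$MinVersion = [version]'8.0.8'

# Placeholder (assumption): replace with the serial number of the revoked
# code signing certificate, taken from a source you trust.
$RevokedSerial = '<REVOKED-CERT-SERIAL>'

# Assumed locations for installed and portable copies; adjust per environment.
$SearchRoots = @(
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    $env:ProgramData,
    "$env:SystemDrive\Users"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$results = Get-ChildItem -LiteralPath $SearchRoots -Filter 'AnyDesk*.exe' `
        -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate
        $vi   = $_.VersionInfo
        # A file with no version resource reports 0.0.0 and is flagged for review.
        $ver  = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)

        [pscustomobject]@{
            Path            = $_.FullName
            Version         = $ver
            Outdated        = $ver -lt $MinVersion
            SignatureStatus = $sig.Status
            Signer          = if ($cert) { $cert.Subject } else { $null }
            Serial          = if ($cert) { $cert.SerialNumber } else { $null }
            RevokedCert     = [bool]($cert -and ($cert.SerialNumber -eq $RevokedSerial))
        }
    }

# Show only the copies that need attention: old build, bad or missing
# signature, or a signer matching the revoked certificate.
$results |
    Where-Object { $_.Outdated -or $_.RevokedCert -or $_.SignatureStatus -ne 'Valid' } |
    Sort-Object Path |
    Format-List Path, Version, Outdated, SignatureStatus, Signer, Serial, RevokedCert
```

An empty result means every copy found is at 8.0.8 or later with a valid signature; copies outside the assumed search roots are not covered.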
References
For more in-depth information about the recommendations, please visit the following links:
- https://anydesk.com/en/public-statement
- https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/
- https://www.thestack.technology/anydesk-hacked/
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.