AnyDesk Security Incident

Keith Kirkland Updated by Keith Kirkland

High Level Summary of the Security Advisory

AnyDesk is a prominent provider of remote desktop software solutions, offering users secure and smooth access to computers over networks and the internet. Renowned for its high performance and strong security features, the platform has become a favored option for individuals and businesses alike, especially within the enterprise sector.

On February 2, 2024, AnyDesk released a public statement acknowledging a cyberattack that breached its production systems. The company swiftly launched a thorough security investigation, upon detecting indications of the incident on some of their systems, which confirmed the compromise of their production environment. AnyDesk promptly implemented a remediation and response plan, engaging cybersecurity experts CrowdStrike. The remediation efforts have been successfully completed, and AnyDesk informed the appropriate authorities regarding the breach. Importantly, AnyDesk clarified that the incident did not involve ransomware, distinguishing it from certain types of cyberattacks that aim to encrypt data for ransom purposes. 

While acknowledging the cyberattack, AnyDesk's public statement assured its users that there was no evidence of any customer data exfiltrated or impact on end-user devices, further emphasizing that the situation is under control and that using AnyDesk remains safe. AnyDesk further confirmed the revocation of all security-related certificates and the completion of necessary remediation or system replacement. They also announced plans to revoke the previous code signing certificate for their binaries soon and are currently in progress of replacing them with new certificates.

AnyDesk initiated a password reset for all accounts on the my.anydesk.com web portal to bolster security measures. Users are strongly encouraged to reset their passwords, particularly if they have been used elsewhere.

Should I be concerned?

Maybe. It depends if you have a relationship with AnyDesk. Click on the link below to find out if you have a relationship with this vendor. If you do, follow the recommendations below.

Note: this link specifically references vendor directory records. You may also want to search your Relationship List for "AnyDesk” to confirm.

What to do if you or your vendors have an active relationship with AnyDesk

As per the notice, AnyDesk immediately took all essential measures to investigate and mitigate the incident, and they continue to collaborate with all relevant authorities. The enforced password reset for the customer portal my.anydesk.com was conducted as a precautionary measure. 

As per the latest update in the Incident response dated February 5, 2024, AnyDesk advised users to upgrade to the latest software versions 7.0.15 and 8.0.8, with the new code signing certificate. Additionally, users were encouraged to promptly contact AnyDesk Software GmbH to assess any potential impact of the incident and to implement necessary remedial actions to address identified risks or vulnerabilities.

AnyDesk has set up an FAQ section available at https://anydesk.com/en/faq-incident, which will be updated to address concerns and to correct any false information that may be circulating about the incident.

You can reach out to AnyDesk by email at hotline@anydesk.com or by phone at +852 3001 1451.

 

--------------------------------------------------------------

We are actively working on future product enhancements related to these types of events. If you found this information helpful or have additional feedback please let us know at product@visotrust.com

For any additional questions, please reach out to your customer success manager.

Stay ahead of the curve with our Public Risk Notice Alerts!

Get the latest information and news to your inbox on cybersecurity breaches and third-party vendor risks that could impact your organization.

Sign up today to fortify your organization's security.

The VISO TRUST team

—----------—----------—-----

How did we do?

ConnectWise ScreenConnect Authentication Bypass Vulnerability

Okta's Support System Security Incident

Contact