Experts are concerned about the potential risk to users.
The manufacturer of remote access software, AnyDesk, has encountered serious security issues. From January 29 to February 1, 2024, users experienced difficulties logging in due to a four-day outage.
The company was the victim of a cyberattack in which attackers allegedly gained access to the source code and private code signing keys. Officially, AnyDesk confirmed that the incident was not related to ransomware attacks.
After detecting signs of intrusion on the product's servers, AnyDesk conducted a security audit together with CrowdStrike. As a precautionary measure, the company has revoked all security certificates and passwords for its web portal my.anydesk.com. It was also planned to revoke the previous code signing certificate and replace it with a new one.
AnyDesk said that their systems do not store private keys, security tokens, or passwords, which should eliminate the threat to end users. However, the company encourages users to change their passwords, especially if they are also used in other online services, and download the latest version of AnyDesk 8.0.8 with a new code signing certificate.
AnyDesk is popular with enterprise users, with more than 170,000 customers, including well-known companies such as LG Electronics, Comcast, NVIDIA and others. However, its widespread adoption and remote access capabilities make it an attractive tool for cybercriminals seeking permanent access to compromised devices and networks.
The manufacturer of remote access software, AnyDesk, has encountered serious security issues. From January 29 to February 1, 2024, users experienced difficulties logging in due to a four-day outage.
The company was the victim of a cyberattack in which attackers allegedly gained access to the source code and private code signing keys. Officially, AnyDesk confirmed that the incident was not related to ransomware attacks.
After detecting signs of intrusion on the product's servers, AnyDesk conducted a security audit together with CrowdStrike. As a precautionary measure, the company has revoked all security certificates and passwords for its web portal my.anydesk.com. It was also planned to revoke the previous code signing certificate and replace it with a new one.
AnyDesk said that their systems do not store private keys, security tokens, or passwords, which should eliminate the threat to end users. However, the company encourages users to change their passwords, especially if they are also used in other online services, and download the latest version of AnyDesk 8.0.8 with a new code signing certificate.
AnyDesk is popular with enterprise users, with more than 170,000 customers, including well-known companies such as LG Electronics, Comcast, NVIDIA and others. However, its widespread adoption and remote access capabilities make it an attractive tool for cybercriminals seeking permanent access to compromised devices and networks.
