Manufacturer of Anydesk Remote Access Faces Serious Security Problems
The manufacturer of the Anydesk remote access is faced with serious security problems. From January 29 to February 1, 2024, users experienced difficulties with entering the system due to a four-day failure.
The company became a victim of a cyber attack, as a result of which the attackers, presumably, gained access to the source code and private keys of the code signature. Officially, Anydesk confirmed that the incident was not related to extortion attacks.
After detecting signs of invasion on the servers of the product, Anydesk conducted a security audit together with Crowdstrike. As a precaution, the company withdrew all security certificates and passwords to its web portal My.anydesk.com. It was also planned to cancel the previous code signature certificate and replace it with a new one.
Anydesk said that personal keys, security tokens or passwords are not stored in their systems, which should exclude the threat to end users. Nevertheless, the company urges users to change their passwords, especially if they are used in other online services, and download the latest version of Anydesk 8.0.8 with a new certificate of code signature.
Anydesk is popular among corporate users, having more than 170,000 customers, including well-known companies, such as LG Electronics, Comcast, Nvidia and the UN. However, its widespread and the possibility of remote access make it an attractive tool for cybercriminals seeking to get constant access to compromised devices and networks.