Remote access software company AnyDesk recently disclosed a security incident involving compromised production systems.
In a public statement, AnyDesk stated that indications of unauthorized access prompted an immediate security audit. The audit uncovered evidence that some AnyDesk production servers had been breached.
In response, AnyDesk enacted its incident response plan and brought in cybersecurity firm CrowdStrike to assist with remediation efforts. The company says that remediation has now been successfully completed. All affected systems were either remediated or replaced to eliminate any remnant of the breach.
“Following indications of an incident on some of our systems we conducted a security audit and found evidence of compromised production systems. We immediately activated a remediation and response plan involving cyber security experts CrowdStrike”- reads security advisory.
Additionally, AnyDesk revoked all previous security certificates for their software and has begun issuing new certificates with a different code signing key. This was done as a precautionary measure to prevent any potential misuse of the compromised certificates. The company also revoked all passwords for their web portal and recommends users change passwords if they were reused on other services.
We have already reported that there is a sign of security incidents at AnyDesk, after reading the official changelog page which states the security update-
- Security update: Exchanged code signing certificate. The previous certificate will be invalidated soon. Please update
The previous certificate will be invalidated soon. Please update. But at that time the picture was not cleared as there were no comments from AnyDesk side nor we have seen any proof of breach.
While investigating the incident, AnyDesk found no evidence that any private keys, tokens or passwords were obtained that could be used to access end-user devices. The company also states that currently there are no indications any end-user devices were impacted by the breach.
“Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end user devices.
AnyDesk said authorities have been notified of the incident and an investigation is underway. The company emphasized that the situation is now under control and that their software is once again safe to use after updating to the latest version containing the new code signing certificate.