Live Threat Map
It has been confirmed that AnyDesk, a renowned remote access software company headquartered in Germany, which boasts a staggering 170,000 customers worldwide, including big names such as Comcast and Thales, has fallen prey to a security breach that has compromised its production systems.
“We have revoked all security-related certificates, and systems have been remediated or replaced where company’s,” the company said.
According to recent media reports, AnyDesk has been targeted by attackers who are believed to have stolen source code and code signing certificates.
However, AnyDesk has not yet officially confirmed these reports. Nonetheless, the company has confirmed that the incident was not a ransomware attack, which is reassuring for its customers and users.
According to AnyDesk, their investigation has revealed that there is no evidence to suggest that the cyberattack led to the theft of any private keys, tokens, or passwords that could be used to gain access to end-user devices. Moreover, the company has confirmed that, at present, there are no indications that the breach has had any impact on any end-user devices.
“Our systems are designed not to store private keys, security tokens, or passwords that could be exploited to connect to end-user devices.”
In response to the incident, AnyDesk took swift action by revoking all security-related certificates and systems. The company also made sure to replace or remediate any affected systems. Additionally, AnyDesk has plans to rescind the previous code signing certificate for binaries and issue a new one to ensure the utmost security for its users.
In an effort to protect against potential threats, the company has taken the proactive step of revoking all passwords for its web portal located at my.anydesk.com. Additionally, the necessary authorities have been alerted to the breach and are taking appropriate actions to ensure the situation is promptly addressed.
“We can confirm that the situation is under control and it is safe to use AnyDesk. Please ensure you use the latest version with the new code signing certificate”, reads the report.
Read the full article here