On February 2nd, 2024, AnyDesk disclosed that their production systems had been compromised and that private code signing keys and source code were stolen, while an unknown number of user accounts had their passwords reset. The theft of the signing keys is a significant concern, as it would allow an attacker to sign malicious versions of AnyDesk software so that compromised code appears to be legitimate. It is assessed that approximately 18,000 credentials are available for sale on the Dark Web as a result.
In response, AnyDesk followed through with a prepared emergency response plan, revoked the compromised certificates, and has since issued an update that is available to customers. The vendor recommendation at this time is to update the software. Additional protection measures include monitoring devices known to be using AnyDesk software, whitelisting using the AnyDesk ID system, enabling multi-factor authentication, and rotating passwords on impacted accounts.
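One way to support the update and monitoring steps above on a Windows host is to inventory AnyDesk executables and record which certificate signed each one. This is an added example, not code from AnyDesk or Centripetal; the search roots, the `AnyDesk*.exe` file-name pattern and the function name are assumptions, and the revoked certificate serial is a placeholder to be filled in from the vendor's advisory, since this page does not list it.

```powershell
# Added example: report the Authenticode signer of every AnyDesk executable found,
# so copies signed with a revoked certificate (or not validly signed) stand out.
param(
    # Assumed search roots; adjust to where AnyDesk is deployed in your estate.
    [string[]]$SearchRoots = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:SystemDrive\Users"),
    # Placeholder: serial number(s) of the revoked certificate, from the vendor advisory.
    [string[]]$RevokedSerials = @('<REVOKED-CERT-SERIAL-FROM-VENDOR-ADVISORY>')
)

function Get-AnyDeskSignatureReport {
    param([string[]]$Roots, [string[]]$Revoked)

    # Skip roots that do not exist on this host.
    $existing = @($Roots | Where-Object { $_ -and (Test-Path -LiteralPath $_) })
    if ($existing.Count -eq 0) { return }

    Get-ChildItem -Path $existing -Filter 'AnyDesk*.exe' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate
            [pscustomobject]@{
                Path          = $_.FullName
                FileVersion   = $_.VersionInfo.FileVersion
                SigStatus     = $sig.Status
                Signer        = if ($cert) { $cert.Subject } else { $null }
                Serial        = if ($cert) { $cert.SerialNumber } else { $null }
                CertNotAfter  = if ($cert) { $cert.NotAfter } else { $null }
                # The serial is compared explicitly rather than relying on SigStatus alone.
                SignedRevoked = [bool]($cert -and ($Revoked -contains $cert.SerialNumber))
            }
        }
}

$report = @(Get-AnyDeskSignatureReport -Roots $SearchRoots -Revoked $RevokedSerials)

# Candidates for update or removal: signed by a listed serial, or not validly signed.
$report |
    Where-Object { $_.SignedRevoked -or $_.SigStatus -ne 'Valid' } |
    Format-Table Path, FileVersion, SigStatus, Serial, SignedRevoked -AutoSize -Wrap
```

Hosts that return no rows either have no AnyDesk executables under the searched roots or only validly signed copies from a certificate not listed in `$RevokedSerials`; inspect `$report` for the full inventory.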
If you are a current AnyDesk customer, Centripetal’s CleanINTERNET® will continue to provide dynamic threat intelligence-based protection against known indicators of compromise, limiting threat actors’ ability to attack. Additional shielding opportunities may become available depending on observed network traffic. Our intelligence operations analysts are actively searching for potential exploitation attempts as a result of this breach.
Centripetal is pleased to offer Penetration Testing and Vulnerability Assessment services to help organizations identify vulnerabilities and reduce risk. If interested, please contact our Professional Services team at profservs@centripetal.ai or reach out to your Centripetal Account Representative.