AnyDesk, a German-based remote access software company, on Friday announced that its production systems were compromised in a security incident.
For those unaware, AnyDesk is a remote access solution that has more than 170,000 customers, including Amedes, AutoForm Engineering, 7-Eleven, Comcast, LG Electronics, Samsung Electronics, Spidercam, and Thales.
It allows users to remotely access computers over a network or the internet.
The German company became aware of the accident upon noticing unusual activity on their product servers, prompting them to immediately conduct a security audit.
Following the audit, AnyDesk immediately activated a remediation and response plan, developed in collaboration with cybersecurity firm CrowdStrike, and is working closely with them. It was also found that the cyberattack was not a ransomware attack.
“We have revoked all security-related certifications and systems have been improved or replaced where necessary. We will shortly revoke the previous code signing certificate for our binaries and have already started replacing it with a new one,” the company said in a public statement on Friday.
During the investigation, AnyDesk did not find any evidence of any private keys, tokens, or passwords being obtained that could be used to exploit to connect to end-user devices.
However, as a precautionary measure, the company has revoked all passwords to its web portal, my.anydesk.com, and suggested its users change their passwords if the same credentials have been used on any other websites. Additionally, it has also encouraged users to use the latest version, with the new code signing certificate.
“To date, we have no evidence that any end-user devices have been affected. We can confirm that the situation is under control and it is safe to use AnyDesk. The integrity and trust in our products is of paramount importance to us and we are taking this situation very seriously,” it concluded.
