February 5, 2024 at 01:34PM
AnyDesk acknowledged an IT security incident where criminals breached its systems. Though not related to ransomware, the intrusion compromised the code signing certificate, posing a threat of distributing malware as legitimate software. The company has taken steps to address the situation, including revoking security certificates, recommending password changes, and hiring CrowdStrike for assistance.
Summary of Meeting Notes:
– AnyDesk has acknowledged an IT security incident where criminals accessed the company’s production systems, leading to potential disruption for customers.
– The intrusion was disclosed on Friday, with the company assuring that it’s unrelated to ransomware. Infosec analysts have noted that criminals obtained AnyDesk’s code signing certificate, which could be used to pass off malware as legitimate tools.
– AnyDesk has taken steps to address the breach, including revoking security-related certificates, replacing systems, and revoking web portal passwords. They have also hired CrowdStrike for assistance and notified authorities.
– There are reports of AnyDesk customer credentials being sold on the dark web, prompting warnings from other security firms. Resecurity noted that more than 18,000 customer credentials were listed for sale by a threat actor.
– Despite the incident, AnyDesk has stated that the situation is under control and advised users to ensure they are using the latest version with the new code signing certificate.
– Nick Hyatt from BlackPoint confirmed the legitimacy of the listed credentials, clarifying that they are part of previously stolen data. This illustrates the practice of criminals leveraging new breaches to profit from previously stolen information.