AnyDesk revokes signing certs, portal passwords after crooks sneak into systems


AnyDesk has copped to an IT security "incident" in which criminals broke into the remote-desktop software maker's production systems. The biz has told customers to expect disruption as it attempts to lock down its infrastructure.

The application developer, which is said to have more than 170,000 customers worldwide, disclosed the intrusion in a statement on its website late on Friday, claiming it is "not related to ransomware."

While there's no specific mention of stolen data, some infosec analysts have pointed out that the disclosure indicates that criminals got hold of AnyDesk's code signing certificate. That would allow miscreants to pass off malware as legit AnyDesk tools to unsuspecting marks.

"We have revoked all security-related certificates and systems have been remediated or replaced where necessary," AnyDesk said. "We will be revoking the previous code signing certificate for our binaries soon and have already started replacing it with a new one.

"As a precaution, we are revoking all passwords to our web portal, my.anydesk.com, and we recommend that users change their passwords if the same credentials are used elsewhere."

According to infosec world watchers, criminals are selling AnyDesk customer credentials on the dark web, though these may not be related to this latest heist. AnyDesk says it has hired CrowdStrike to assist with remediation and incident response, and notified the authorities.


"We can confirm that the situation is under control and it is safe to use AnyDesk," the statement continued. "Please ensure that you are using the latest version, with the new code signing certificate."

Other security shops warned that the pillaging has already begun with "multiple threat actors" selling access to stolen AnyDesk credentials.

As of February 3, a day after AnyDesk disclosed the incident, Resecurity said one of these miscreants had listed more than 18,000 AnyDesk customer credentials for sale.

Nick Hyatt, head of threat intelligence at managed detection and response firm BlackPoint, told The Register that the credentials are legitimate, but not recently stolen.

"They are part of a compilation of credentials amassed from previous infostealer dumps," Hyatt said, adding that it's a good example of criminals using new breaches to make a buck on previously stolen secrets. ®