AnyDesk Cyberattack incident – February 2024

German software developer AnyDesk has reported a cyberattack during the past week and a half. We look at the details of the cyber security incident below.

  • AnyDesk acknowledged a cyber-attack on 2 February 2024.
  • The purported attack was carried out by threat actors in the last week of January.
  • A security audit trail established the cyber-attack on the production servers of AnyDesk.
  • AnyDesk roped in Crowdstrike to perform a forensic audit and remediate the security incident.
  • AnyDesk has confirmed that remote user connections remain unaffected by the breach.
  • The said attack does not look like a ransomware incident.
  • AnyDesk has confirmed that the user portal access to my.anydesk.com details may have been compromised under the attack. It has, therefore reset the passwords of all users to the portal.
  • AnyDesk has also suggested users upgrade to the latest version of AnyDesk software for security reasons.

The following remediation steps were carried out by AnyDesk to resolved the security incident:

  • AnyDesk detected a cyber-attack during a security audit. The attack was confirmed on 2 February 2024.
  • Crowdstrike was involved to remediate the attack and audit the security breach.
  • AnyDesk has confirmed vide a statement – “We have revoked all security-related certificates and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one”
  • AnyDesk reiterated – “Our systems are designed not to store private keys, security tokens, or passwords that could be exploited to connect to end-user devices. As a precaution, we are revoking all passwords to our web portal, my.anydesk.com, and we recommend that users change their passwords if the same credentials are used elsewhere.”

As part of the recent data breach at AnyDesk, the German software developer wants its users to perform the following two steps:

  • Reset the password to the web portal my.anydesk.com.
  • Upgrade the remote connection software version of AnyDesk to the latest version. The company recommends using the latest AnyDesk software versions 7.0.15 and 8.0.8.  If you want to check whether you are using the latest version, you can open the properties in your client.
  • AnyDesk has confirmed that “Our assessment concluded that there was only a theoretical risk of user credentials being compromised. Even to read credentials from these extremely limited connections, the attackers would have had to rewrite the very extensive code of our software in the very short time available, trick users into using a fake version of our software and then have them enter their password. This seems unlikely, although not impossible.”
  • AnyDesk considers remote session hacking in connection to the incident extremely unlikely.
  • AnyDesk has confirmed that its software is safe to use. It is not being used to spread malware to the end customer networks and endpoints. The company released a statement stating -“
  • No. We have performed a review of our code and see no malicious modifications. We also have no evidence of malicious code being distributed to customers through any AnyDesk systems.”

You may like to read additional cyber-security incidents below:

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.