Who: AnyDesk, a remote desktop software maker based in Germany, suffered a cyber attack that compromised its production systems.
What: The incident, discovered through a security audit, is not a ransomware attack. AnyDesk has revoked security certificates, replaced or remediated affected systems, and is in the process of updating code signing certificates. As a precaution, all passwords to its web portal have been revoked, and users are urged to change passwords, with a recommendation to download the latest software version featuring a new code signing certificate.
How: The specifics of when and how the production systems were breached are undisclosed. There is no evidence of any end-user systems being affected. Cybersecurity firm Resecurity found two threat actors offering a significant number of AnyDesk customer credentials for sale, potentially for technical support scams and phishing. Unauthorized access occurred post-incident disclosure, suggesting ongoing risks due to unchanged credentials or an ongoing attack mechanism.
Read the full article HERE