Supply Chain: AnyDesk Customers Affected By Credentials Breach

Remote desktop software maker AnyDesk has disclosed that it suffered a cyber attack first detected on on Friday 2nd February that has caused problems with its production systems. 

As a consequence, AnyDesk is revoking certificates and passwords which may affect as many as 170k customers, including  major business es like Amedes, AutoForm Engineering, LG Electronics, Samsung Electronics, Spidercam, and Thales.

The German based company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant authorities. "We have revoked all security-related certificates and systems have been remediated or replaced where necessary," the company said in a statement. 

The  AnyDesk credentials seem to have been obtained with the aid of information-stealer malware that had compromised AnyDesk users’ systems.  "We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one." the company said.

AnyDesk did not disclose when and how its production systems were breached. It's currently not known if any information was stolen following the hack. However, it emphasised there is no evidence that any end-user systems have been affected.

Meanwhile, researchers at endpoint protection specialist Resecurity have found two threat actors, one of whom goes by the online alias "Jobaaaaa," advertising a "significant number of AnyDesk customer credentials for sale at Exploit[.]in," noting it could be used for "technical support scams and mailing (phishing)." The threat actor has been found offering 18,317 accounts for $15,000 in crypto currency, in addition to agreeing to a deal via escrow on the cyber crime forum. There is no evidence that  sale of credentials is related to the AnyDesk breach,

While exactly how these credentials were obtained, cyber criminals will be moving fast to exploit the exposed login details before passwords are reset.

These events follow only a a day after leading Internet security firm Cloudflare said that it was hacked by a suspected nation-state attacker using stolen credentials to gain unauthorised access to its Atlassian server and ultimately access documentation and a limited amount of source code

AnyDesk:      AnyDesk:      @anydesk:      Resecurity:    Born City:    Cloudflare:      Security Week:   

Hacker News:    TechTarget:     YCombninator:  

You Might Also Read:      

 BEC Attacks: Trends & Predictions For 2024:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Elections 2024 - Fake News & Misinformation  
Healthcare Has Issues With Outsourced Cyber Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Sophos

Sophos

Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyberthreats.

Apcon

Apcon

Apcon's mission is to provide valuable network insights that enable security and network professionals to monitor, secure and protect their data in both physical and virtual environments.

NRD Cyber Security

NRD Cyber Security

NRD Cyber Security create a secure digital environment for countries, governments, and organisations and implement cybersecurity resilience enhancement projects around the world.

StackRox

StackRox

StackRox delivers a container-native security platform that adapts detection and response to new threats.

MAD Security

MAD Security

MAD Security is a premier provider of information and cybersecurity solutions that combine technology, managed security services, support and training.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Centro de Gestion de Incidentes Informaticos (CGII)

Centro de Gestion de Incidentes Informaticos (CGII)

CGII is the Computer Incident Management Center of the State of Bolivia.

Datplan

Datplan

Datplan offers a software solution that gives an overview of 8 key cyber risk areas, their threats, and risk management steps.

Cybil

Cybil

Cybil is a publicly-available portal where members of the international cyber capacity building community can find and share information to support the design and delivery of programs and projects.

Penten

Penten

Penten is an Australian-based cyber security company focused on innovation in secure mobility and applied AI (artificial intelligence).

FAIR Institute

FAIR Institute

The FAIR Institute is a non-profit professional organization dedicated to advancing the discipline of measuring and managing information risk.

Conquest Cyber

Conquest Cyber

Conquest Cyber builds adaptive risk management programs where innovation is most needed – within defense, intelligence, federal civilian agencies and the industrial base that supports them.

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP provides solutions and services around Core Infrastructure, Cloud, Cyber Security, Enterprise Applications, Intelligent Automation and Data, Smart Buildings, and Managed Services.

Appurity

Appurity

Appurity specialises in mobile and application security, delivering comprehensive solutions across all verticals.

Tech Vedika

Tech Vedika

Tech Vedika has access to technical guidance, training and resources from AWS to successfully undertake solution architecture, application development, application migration, and managed services.

HYCU

HYCU

HYCU was born of the need to simplify data protection and provide equivalent levels of backup and recovery support across on premises, public cloud, and SaaS workloads.