Hacker attack on AnyDesk: how does the company eliminate the consequences of malicious actions?

Remote access software provider AnyDesk has confirmed that a cyberattack allowed hackers to gain access to its production systems, writes TechCrunch.

Millions of IT professionals use AnyDesk software to quickly and remotely connect to other devices, often to help resolve technical issues.

On its website, the company claims to have more than 170 thousand customers, including Comcast, LG, Samsung, and Thales. However, AnyDesk has also gained popularity among hackers.

For example, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced in January that hackers had compromised federal agencies using legitimate remote desktop software, including AnyDesk.

News of the hack began to spread on Monday, January 29. After a several-day hiatus, AnyDesk confirmed that it had “found evidence of compromised production systems.”

As part of its response to the incident, the company invalidated all passwords to its web portal, revoked security-related certificates, and took other remedial measures. AnyDesk stated that the incident was not related to ransomware, but did not disclose the specific nature of the cyberattack.

The company also said there was no evidence that end-user systems were affected. At the same time, it urged users to make sure they are using the latest version of the software with a new code signing certificate.

AnyDesk has already faced criticism for its response to the cyberattack. The fact is that in the first days, the company claimed to be undergoing “maintenance.” And only on the eve of the weekend did it confirm the cyberattack.