WatchGuard Blog

AnyDesk Case: What steps should users take to protect themselves?

On February 2, the popular remote access tool AnyDesk disclosed that it had suffered a cyberattack that had compromised its production systems. 

Although AnyDesk has not revealed specific details about the root cause of the attack, the measures taken to mitigate it, such as mandatory password resets and code signing certificate renewals, suggest that cybercriminals gained access to user passwords and the company's code signing certificate.

AnyDesk also advised users to change their passwords if they had used them on other platforms. Moreover, it asked them not to download software or updates from unsecured third-party websites and to upgrade to the latest version of the software with new code signing certificates.

What risks do users face?

Once hackers gain access to a company's source code and code signing certificate, there is a high risk that they will use them to carry out a supply chain attack. This would involve inserting malicious code into AnyDesk's software and signing it with the stolen certificate, making the malicious files look legitimate. They could then distribute the infected software to AnyDesk customers, resulting in a large-scale attack.

Another risk has also emerged that is unrelated to the attack earlier this year but keeps the focus on AnyDesk software. 

A type of scam has recently been detected in which hackers identify their victims within the company and then contact them by email or text message. The message takes them to a fake website that mimics their bank or financial institution. To get help, victims are asked to download a program that appears to be a 'live chat' application but is actually outdated AnyDesk remote control software. Once the victim runs it, the cybercriminal can control the victim's device and perform actions as if they were the victim. Fake domains for different banks have been detected using this same method.

3 steps you need to take to protect yourself

Remote monitoring and management (RMM) solutions are essential tools for managed service providers (MSPs), enabling them to monitor and manage endpoints and deploy software on their customers' computers. However, these solutions are also attractive to cybercriminals, who use them to gain access to corporate networks and obtain sensitive information.

In recent weeks, AnyDesk has been in the spotlight, first because it was the victim of a cyberattack and then because its software has been used to carry out a new scam. In light of what has happened, if you are a user of this software, we advise you to take the following measures:

  • Update your AnyDesk software: 

    To mitigate the risks associated with the breach, you need to update this software to the latest version, which is signed with the new code signing certificate. To facilitate this task, WatchGuard Patch Management allows you to manage vulnerabilities in operating systems and third-party software on Windows, macOS, and Linux computers and servers, and shows which version of the program is installed and on which computers. This makes it easier to identify devices that require software updates or uninstallations, especially in companies with security policies that restrict remote access to applications.

  • Change your AnyDesk passwords and enable MFA: 

    Strengthening user security starts with implementing robust access protocols. This entails adopting unique and complex passwords, along with the widespread use of MFA as a critical first line of defense.

  • Use an advanced endpoint security solution: 

    To avoid falling victim to the phishing campaign involving AnyDesk software, it is advisable to have an advanced endpoint security solution, including context detection for non-malware attacks. This feature analyzes the context of an action or event and determines if it is malicious, even if there is no detectable malware.
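For the first step above, the following PowerShell sketch inventories AnyDesk executables on a Windows machine and reports the file version and the certificate that signed each one. It is an added example, not code from WatchGuard or AnyDesk; the search paths and the file name filter are assumptions, and the retired certificate thumbprint is a placeholder to be filled in from AnyDesk's own advisory.

```powershell
# Added example: list AnyDesk binaries with their version and signer.
# Placeholder: replace with the thumbprint(s) AnyDesk publishes for the
# certificate it retired. No real value is given on this page.
$RetiredThumbprints = @('<THUMBPRINT-OF-RETIRED-CERTIFICATE>')

# Assumed locations: install directories plus user profiles, where a
# downloaded "live chat" style copy would typically land.
$SearchRoots = @(
    ${env:ProgramFiles},
    ${env:ProgramFiles(x86)},
    "$env:SystemDrive\Users"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$results = foreach ($root in $SearchRoots) {
    # Name-based match only: a renamed copy will not be found by this filter.
    Get-ChildItem -LiteralPath $root -Filter 'AnyDesk*.exe' -File -Recurse `
                  -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate

        # Classify: broken or missing signature, signed with a retired
        # certificate, or validly signed by a certificate still to be
        # compared against the vendor's current one.
        $verdict = if ($sig.Status -ne 'Valid') { 'UNSIGNED-OR-INVALID' }
                   elseif ($RetiredThumbprints -contains $cert.Thumbprint) { 'RETIRED-CERT' }
                   else { 'CHECK-SIGNER' }

        [pscustomobject]@{
            Verdict     = $verdict
            FileVersion = $_.VersionInfo.FileVersion
            Status      = $sig.Status
            Signer      = if ($cert) { $cert.Subject } else { $null }
            Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
            ValidFrom   = if ($cert) { $cert.NotBefore } else { $null }
            Path        = $_.FullName
        }
    }
}

# Worst findings first; pipe to Export-Csv to collect results across hosts.
$results | Sort-Object Verdict -Descending | Format-List
```

A `CHECK-SIGNER` result only means the signature is valid and not from a listed retired certificate; the signer and thumbprint still need to be compared with the certificate AnyDesk currently uses.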

If you would like to learn more about how to strengthen RMM software security, check out the following articles on our blog: 
