Response to AnyDesk breach I WatchGuard Blog

The breach and AnyDesk response

On February 2nd, the remote desktop application AnyDesk was the target of a cybersecurity breach, marking a significant event in digital security. Hackers infiltrated AnyDesk's production environment, sparking concerns over data integrity and user security. Although it was confirmed that authentication tokens, unique to each user's device, were not stolen, AnyDesk took the precaution of revoking all passwords to their web portal and all previous code-signing certificates, a move aimed at strengthening security measures.

Users were advised to change their passwords to prevent unauthorized access and strongly encouraged to update their AnyDesk software to the latest version (8.0.8 or 7.0.15 for Windows), which is secured with a new certificate, to mitigate any risks associated with the compromised certificates. Check AnyDesk FAQ: https://anydesk.com/en/faq-incident

The incident underscores the ever-present threat of cyberattacks. It serves as a reminder of the vulnerabilities inherent in operating systems and software applications and the continuous need for robust cybersecurity posture management practices. Both users and companies must remain proactive in updating and securing their software to defend against the evolving landscape of cyber threats.

How WatchGuard can help

We encourage all customers and partners to follow AnyDesks’s recommendations to upgrade to the latest version of their software (version 8.0.8 and 7.0.15).

All WatchGuard Endpoint Security solutions include hardware and software inventory functionality. This lists the software, its version, and the endpoints where it is installed. Thus, it is easy to identify the machines where software updates or uninstallation is needed, especially if the company's security policy prohibits remote access to applications.

Here's how to list hosts that still need to be updated: Go to Monitor > Endpoints > Software and search for any software named AnyDesk.