ANYDESK PRODUCTION SERVERS BREACHED
That hacking is the new normal is being proven on a day-to-day basis. Things are getting murkier by the day. While ransomware rules the roost, other forms of hacking also remain rampant, making global news every now and then, not to mention the run-of-the-mill hacks, which have become so commonplace today. Well-known companies are on the chopping block as attackers prove to the world that they can strike at will and that they have the expertise to take on the skills of these companies. Just before the AnyDesk breach came to light, Cloudflare disclosed that they were hacked on Thanksgiving.
This happened using authentication keys stolen during last year’s Okta cyberattack. Microsoft also revealed last week that they were hacked by Russian state-sponsored hackers named Midnight Blizzard. They had also hacked HPE in May. The hacking spree is endless. Continuing the spree is the recent breach of AnyDesk, confirmed by the company. The recent cyber-attack on the company led to hackers gaining access to the company’s production systems. BleepingComputer claims to have learnt that “source code and private code signing keys were stolen during the attack.”
What does AnyDesk do? The company delivers a remote access solution: remotely accessing a computer over a network or over the internet. It is very popular at the enterprise level, where it is used for remote support or to access colocated servers. Unfortunately, the very same software is also popular among threat actors “who use it for persistent access to breached devices and networks.” How to control the double-edged nature of technology is turning out to be a nightmare. The wide-ranging nature of its clientele tells it all; it reports having 170,000 customers, including 7-Eleven, Comcast, Samsung, MIT, NVIDIA, SIEMENS, and the United Nations.
The breach came to light after the company detected indications of an incident on their production servers. A security audit was done, the compromised systems were determined and a response plan was put in place with the help of cyber security firm CrowdStrike. As is standard practice for breached companies, AnyDesk did not share details on whether data was stolen during the attack. BleepingComputer claims that the threat actors stole source code and code signing certificates. The company has confirmed that ransomware was not involved. The advisory mainly focused on how they responded to the attack. This is also common practice for attacked companies. AnyDesk says that they have revoked security-related certificates and remediated or replaced systems as necessary.
THE BUSINESS URGENCY OF NOT LOSING CREDIBILITY TAKES PRECEDENCE OVER THE COMPANY BEING TRANSPARENT.
Have a nice evening.