AnyDesk Incident Response 2-2-2024 (opens in new tab)

(anydesk.com)

29 pointsmatbilodeau2y ago11 comments

11 comments

The ramifications of this breach are profound. Cybercriminals who gained access to the AnyDesk portal could glean valuable information about customers, including license keys, active connections, session durations, contact information, email addresses, and the number of managed remote access hosts, all with their online/offline status and IDs. Such details open up a plethora of malicious possibilities.

In light of this breach, AnyDesk customers must take proactive steps to protect their accounts and data. Password changes alone are insufficient. AnyDesk offers a whitelist feature, enabling users to specify who can connect to their devices, adding an extra layer of security. Multi-factor authentication (MFA) is strongly recommended to enhance account protection. Organizations should also monitor for any unexpected password and MFA changes, suspicious sessions, and emails referencing AnyDesk accounts from unknown sources.

https://securityonline.info/anydesk-breach-2024-dark-web-sal...

cricalix2y ago

Are there any good alternatives these days for occasional remote management of a Win10 machine from a Linux desktop? I do occasional support for a club, and it's helpful to not have to go there.

Used to use logMeIn. Then TeamViewer (but they got popped too). Then AnyDesk. Contemplating I might need to just TailScale and use RDP, but I need to be able to do it with no interaction at the remote end.

mindofbeholder2y ago

MeshCentral if you’re able to host the service on your own hardware.

neodymiumphish2y ago

TacticalRMM was super useful for me in a very similar context.

Maskawanian2y ago

I've had good experiences with rustdesk.

jwnin2y ago

Page 1 of the IR playbook, announce it Friday evening.

ratg132y ago

When did this start?

I noticed Microsoft seems to always do this. Is this common practice for everyone now?

mango72832y ago

just f the rest of us blue teamers right. can;t even have a fing quiet saturday. week after week after week.

and holier than thou it people call us incompetant just because we won;t allow a half dozen unmonitorable open source solutions hacked together as an alternative to using vendor crap. :)

fullspectrumdev2y ago

If you (blue team) are getting in the way of IT operations, you probably are due some criticism.

Security teams should be enablers, and work to find ways to add monitoring - not just “the no department”.

1 more reply

matbilodeauOP2y ago

https://www.thestack.technology/anydesk-hacked/

j / k navigate · click thread line to collapse

11 comments

matbilodeauOP2y ago

https://securityonline.info/anydesk-breach-2024-dark-web-sal...

cricalix2y ago

Are there any good alternatives these days for occasional remote management of a Win10 machine from a Linux desktop? I do occasional support for a club, and it's helpful to not have to go there.

mindofbeholder2y ago

MeshCentral if you’re able to host the service on your own hardware.

neodymiumphish2y ago

TacticalRMM was super useful for me in a very similar context.

Maskawanian2y ago

I've had good experiences with rustdesk.

jwnin2y ago

Page 1 of the IR playbook, announce it Friday evening.

ratg132y ago

When did this start?

I noticed Microsoft seems to always do this. Is this common practice for everyone now?

mango72832y ago

just f the rest of us blue teamers right. can;t even have a fing quiet saturday. week after week after week.

and holier than thou it people call us incompetant just because we won;t allow a half dozen unmonitorable open source solutions hacked together as an alternative to using vendor crap. :)

fullspectrumdev2y ago

If you (blue team) are getting in the way of IT operations, you probably are due some criticism.

Security teams should be enablers, and work to find ways to add monitoring - not just “the no department”.

1 more reply

matbilodeauOP2y ago

https://www.thestack.technology/anydesk-hacked/

j / k navigate · click thread line to collapse