{"id":77302,"date":"2024-02-08T09:09:49","date_gmt":"2024-02-08T14:09:49","guid":{"rendered":"https:\/\/blog.cyberconservices.com\/?p=77302"},"modified":"2024-02-08T09:09:49","modified_gmt":"2024-02-08T14:09:49","slug":"18000-user-credentials-offered-on-dark-web-after-anydesk-confirms-incident","status":"publish","type":"post","link":"https:\/\/blog.cyberconservices.com\/index.php\/2024\/02\/08\/18000-user-credentials-offered-on-dark-web-after-anydesk-confirms-incident\/","title":{"rendered":"18,000 User Credentials Offered on Dark Web After AnyDesk Confirms Incident"},"content":{"rendered":"

Last week, AnyDesk confirmed it was breached in a cyber-attack that wasn\u2019t a ransomware incident. The hackers compromised the remote desktop-sharing software provider\u2019s production systems. They could also access the source code and private code signing keys, according to Bleeping Computer.<\/p>\n

AnyDesk said it discovered the breach during a security audit, has revoked passwords for all users on my.anydesk.com, and is urging users to change similar reused passwords on other platforms.<\/p>\n

The action indicates hackers successfully getting their hands on sensitive information. However, it is unclear how easily they can crack it open since AnyDesk said their \u201csystems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end-user devices.\u201d<\/p>\n

The necessity of the mitigation effort by revoking passwords is evident from cybersecurity company Resecurity discovering 18,317 AnyDesk customer credentials going up on sale on dark web forum exploit dot in. \u201cThis data is ideal for technical support scams and mailing (phishing),\u201d the seller wrote to Resecurity and asked for $15,000 in cryptocurrency for the data.<\/p>\n

The breach could also potentially expose AnyDesk customers\u2019 license keys, number of active connections, duration of sessions, customer ID and contact information, email associated with the account, and the total number of hosts that have remote access management software activated.<\/p>\n

\u201cBy targeting code signing certificates, it\u2019s likely that attackers were attempting to perform a one-to-many attack \u2013 i.e. using AnyDesk as a conduit to infect their customers and partners. Code signing certificates are very powerful machine identities \u2013 if a piece of software is signed with a valid identity of this kind, then it tells other machines it can be trusted, so an attacker can send out malware which automatically runs as safe. It essentially gives the bad guys a key to walk through the front door,\u201d Kevin Bocek, VP of Ecosystem and Community at Venafi, told Spiceworks.\u00a0\u00a0Read On:<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Last week, AnyDesk confirmed it was breached in a cyber-attack that wasn\u2019t a ransomware incident. The hackers compromised the remote desktop-sharing software provider\u2019s production systems. They could also access the source code and private code signing keys, according to Bleeping …<\/span> Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":77306,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1275,636,14],"tags":[1276,637,150],"class_list":["post-77302","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hack","category-ransomware","category-security","tag-hack","tag-ransomware","tag-security"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/blog.cyberconservices.com\/wp-content\/uploads\/2024\/02\/High-resolution-image-of-a-computer-2.png","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/posts\/77302","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/comments?post=77302"}],"version-history":[{"count":1,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/posts\/77302\/revisions"}],"predecessor-version":[{"id":77307,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/posts\/77302\/revisions\/77307"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/media\/77306"}],"wp:attachment":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/media?parent=77302"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/categories?post=77302"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/tags?post=77302"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}