Enhancing Cybersecurity: Lessons from the AnyDesk Breach


AnyDesk, a widely-used remote desktop solution, encountered a significant security breach in December, which was brought to light in early February 2024.


During the incident, AnyDesk's production servers were compromised, resulting in cybercriminals gaining access to production systems, source code, and code-signing certificates.

While AnyDesk acknowledged the breach, there remains a lack of clarity regarding the exact nature and implications of the vulnerabilities. However, they assured users that it was not an extortion attempt (ransomware), and no malicious code was distributed to customers, nor was any user data stolen.


Nevertheless, users were advised to promptly update their AnyDesk version and user credentials. Additionally, certificates used to sign previous versions of the software were revoked.


With approximately 170,000 customers, including some AXS Guard clients, this incident prompted organizations to reassess the risks associated with such software.


One of our clients recognized the inherent dangers of allowing external access to PCs within their business environment, prompting a review of their policies. 

Seeking to mitigate these risks, the client engaged AXS Guard to explore options for restricting the usage of vulnerable software within their environment.

How to handle this situation/problem?

Collaborating with AXS Guard experts, several proactive measures were implemented: 

1. IBM
QRadar EDR

A DeStra (Detection Strategy) policy was created to immediately halt AnyDesk operations.

Users attempting to launch AnyDesk received notifications of policy violations, while system administrators received alerts via the QRadar EDR dashboard. 

2. AXS Guard - SecureDNS

Comprehensive DNS filter was rapidly deployed to all AXS Guard appliances.

This filter effectively blocks AnyDesk connections at the DNS level, and provides detailed event logs which are accessible via the DNS Security dashboard in the AXS Guard Cloud.

3. AXS Guard - Firewall

As an additional safeguard, advanced firewall rules were implemented. ​

This way inadvertent and unauthorized connections are blocked.

Conclusion

The proficiency and flexibility demonstrated by the AXS Guard team facilitated a prompt resolution of the client's apprehensions. It's imperative, according to AXS Guard, to thoroughly examine all tools and software within your company network. While the AnyDesk incident provides a concrete example, maintaining strong cybersecurity hygiene requires constant vigilance in monitoring network activity and conducting meticulous assessments of application reliability. 

Enhancing Cybersecurity: Lessons from the AnyDesk Breach
Able bv, Joren De Breucker February 19, 2024

A summary of the NIS 2 ‘essentials’