AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack.
At least Anydesk didn’t take Teamviewer’s approach and deny the breach for 3 years while blaming their customers for the problem, but it’s time to rethink using these remote access apps.
In the past year for personal use I’ve moved to VNC and Nomachine server apps that are inaccessible from the Internet without first activating a Wireguard tunnel. The tunnel ports don’t even appear to be open when scanned. Hopefully this setup offers more security than relying on a company to make sure their systems are up to date.
At least Anydesk didn’t take Teamviewer’s approach and deny the breach for 3 years while blaming their customers for the problem, but it’s time to rethink using these remote access apps.
In the past year for personal use I’ve moved to VNC and Nomachine server apps that are inaccessible from the Internet without first activating a Wireguard tunnel. The tunnel ports don’t even appear to be open when scanned. Hopefully this setup offers more security than relying on a company to make sure their systems are up to date.
Doesn’t mean their systems are not up to date, it just means that a security hole has been discovered. Hopefully, it’s patched now.
My biggest concern is them having the source.
IMO we will never know. Every company has a vested interest in hiding the cause of a breach if it makes them look bad.