I guess most of you already know: AnyDesk has been compromised.
What I would expect from an endpoint in this case is that it will detect such outdated files. I assume that the related certificate is part of any AnyDesk files and installation before February 02.02.2024. So where is the problem in detecting such AnyDesk installations?
This case kind of reminds me of the 3CX security issue where Avast was then able to detect the unsecure 3CX files…
Appears as if AnyDesk was hacked and clients had their certificates and passwords reset by AnyDesk. Access to their production servers was revoked and that is the only reported breach at this time.
It would appear client users may not have had their data compromised in this instance. I would continue to monitor news updates for the next month or so to see if there are any changes in this hacking attack being reported.
They do have an email address you can contact in the second link posted above; you can post your concerns there.
AnyDesk is, who would have guessed it(?), quite busy. So it is almost senseless trying to contact them…
My attempt here is more intended from a general perspective. If we recall that those security issues have already happened in the past (3CX for instance) and will occur in the future, I’d say: A modern endpoint security solution needs to take this into account!
In my opinion this can be accomplished by at least 2 steps:
Manually, by enabling Avast settings/policies to set up some kind of file blacklist. With this at hand we can easily blacklist files or applications like AnyDesk if a security issue occurs. If this approach can also be made by specific folder names it would be a good addition.
Avast itself is able to react to security issues like that either by using some kind of AI or by enabling its support personnel to do so.
Yes, this is tough stuff, but for situations like that it would be really helpful…