AnyDesk Compromise

Episode 02 · Published February 5, 2024 · 15 minute watch

Summary

The real danger of the AnyDesk compromise is the loss of control of a Windows code signing certificate. With the stolen certificate an attacker can sign arbitrary malware, so every Windows environment is at risk, whether or not it runs AnyDesk. Automox CISO Jason Kikta, director of security and IT Tom Boyer, and senior application security engineer Henry Smith explain why this matters. Revoking the certificate only affects future signature checks, so at best it keeps a newly signed program from launching; it does nothing about malware that is already running. The ability to sign PowerShell scripts makes the certificate even more useful to an attacker. Automox wrote and published a script that scans a Windows host for files signed with the stolen certificate. The episode also covers a separate leak of AnyDesk support portal credentials, most of which were not protected by two-factor authentication.
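Scanning a host for artifacts signed by the stolen certificate, as an added example that is not the script Automox published. It takes a list of suspect signer thumbprints (the value below is a placeholder; the real thumbprint comes from the vendor's advisory) and the directories and extensions it walks are assumptions. Because revocation does nothing to a process already running, it checks running process images as well as files on disk, and it matches on the signer's thumbprint rather than on whether Windows still reports the signature as valid.

```powershell
# Added example, not Automox's published script.
# Reports (1) copies of the suspect certificate in the local certificate stores,
# (2) files under $Paths whose Authenticode signer matches a suspect thumbprint,
# (3) running processes whose image file is signed by a suspect certificate.
param(
    # Placeholder thumbprint (40 hex chars). Replace with the value from the advisory.
    [string[]]$SuspectThumbprints = @('0000000000000000000000000000000000000000'),
    # Assumed starting points; extend to whatever locations your environment needs.
    [string[]]$Paths = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:ProgramData", "$env:TEMP"),
    [string[]]$Extensions = @('.exe', '.dll', '.sys', '.msi', '.ps1', '.psm1', '.cat')
)

# Normalise thumbprints: strip spaces/colons, upper-case, so comparisons are exact.
$suspect = @($SuspectThumbprints | ForEach-Object { ($_ -replace '[^0-9A-Fa-f]', '').ToUpperInvariant() })

function Test-SuspectSigner {
    # Returns a result object when the file's signer thumbprint is on the suspect list,
    # regardless of whether Windows still considers the signature valid. Revocation
    # changes $sig.Status, not the identity of the certificate that signed the file.
    param([string]$FilePath, [string]$Source)
    $sig = Get-AuthenticodeSignature -LiteralPath $FilePath -ErrorAction SilentlyContinue
    if ($null -eq $sig -or $null -eq $sig.SignerCertificate) { return }
    $thumb = $sig.SignerCertificate.Thumbprint.ToUpperInvariant()
    if ($suspect -contains $thumb) {
        [pscustomobject]@{
            Source     = $Source
            Path       = $FilePath
            Status     = $sig.Status          # Valid, HashMismatch, UnknownError, ...
            Detail     = $sig.StatusMessage   # revoked chains explain themselves here
            Subject    = $sig.SignerCertificate.Subject
            Thumbprint = $thumb
        }
    }
}

# 1. Certificate stores: Cert:\ covers both CurrentUser and LocalMachine.
$storeHits = Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $suspect -contains $_.Thumbprint.ToUpperInvariant() } |
    Select-Object PSParentPath, Subject, Thumbprint, NotAfter

# 2. Files on disk under the assumed paths.
$fileHits = foreach ($root in $Paths) {
    if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object { Test-SuspectSigner -FilePath $_.FullName -Source 'disk' }
}

# 3. Running processes. Path is empty for processes we are not allowed to inspect;
#    run elevated to cover those.
$processHits = Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique |
    ForEach-Object { Test-SuspectSigner -FilePath $_ -Source 'running' }

"Certificate store entries matching a suspect thumbprint:"
$storeHits | Format-Table -AutoSize
"Files and running images signed by a suspect certificate:"
@($fileHits) + @($processHits) | Sort-Object Source, Path | Format-Table -AutoSize
```

Matching on the signer thumbprint instead of on `Status` matters because an Authenticode signature that carries a trusted timestamp from before the certificate's revocation date can still validate as `Valid`; the revocation tells you nothing about whether a given binary was signed by the attacker or by the vendor, so anything signed with the stolen certificate is worth reviewing either way. Run the script elevated so that protected processes and all of `LocalMachine` are covered.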