There's Good Incident Response, Then There's AnyDesk

The security community is in uproar about the AnyDesk incident

Author

Ayman Elsawah
February 04, 2024

I need to keep today’s post short, so I will defer to some others for details.

AnyDesk recently had a security incident and the security community is in an uproar. Why? Well, not because they had an Incident, which does seem bad… but more so on how they handled that incident!

When you have a security incident, it’s customary to notify customers and the public appropriately. You don’t need to provide full details, but it’s critical to inform them sooner than later, because every minute of delay put them at risk. Having more frequent updates is better than none.

There is an expectation of transparency.

In this case several days went by before an update was sent. See thread below for details why.

Alex Stamos, an OG in the information security community also commented on the incident.

Alex Stamos on LinkedIn: AnyDesk Software was popped, with 170,000 advertised users. They claim… | 21 comments

AnyDesk Software was popped, with 170,000 advertised users. They claim their install base is secure, but that the code signing cert was stolen. From the… | 21 comments on LinkedIn

www.linkedin.com/posts/alexstamos_anydesk-software-was-popped-with-170000-activity-7159339032924102656-Piee?utm_source=share&utm_medium=member_desktop

I have written a number of times on the subject as well, just search “incident” on the blog.

Here is one notable post that has some good takeaways.

I Read So Many IR Posts This Week, Here Are My Thoughts

Twilio, Lastpass, Mailchimp, Signal, Plex, Samsung, Doordash, TikTok(?), and so many more! It's happening ya'll!

www.lastweekasavciso.com/p/0ktapus-mailchimp-hack-breach-dumpsterfire

That’s all for now. Have a great rest of your week!

Join the conversation

or to participate.