Remote desktop application company AnyDesk confirmed last month that it had experienced a cyberattack that took its systems offline and, more concerningly, may have leaked the passwords of thousands of its customers.
While AnyDesk has provided few details about the nature of the attack, security researchers have found customer credentials for sale on dark web forums; One seller claimed to have 18,317 credentials for sale for $15,000, claiming that it was “ideal for technical support scams.”
Should I be worried?
On one hand, absolutely. One need look no further than SolarWinds to see the collateral damage that can occur when a productivity tool used by thousands of companies and organizations is breached. This provides cybercriminals with a foot in the door to be able to leverage breached credentials for further cyberattacks.
On the other hand, data breaches have become so ubiquitous at this point that one could argue that cybercriminals already have several feet in the door; the internet is rife with compromised passwords, stolen session keys, cloned websites and malware, etc. While the threat posed by exfiltrated data should be taken seriously, it also reinforces what’s already known for best cybersecurity practices for individuals and organizations alike:
Choose your passwords wisely: Don’t pick anything easy to guess, and don’t reuse passwords across multiple accounts.
Enable multi-factor authentication: Requiring a second or third means of authentication isn’t foolproof, but it does raise the barrier for entry to compromise an account.
Invest in cybersecurity training for your organization: Employees are often the last line of defense between your company and cyberattacks. Train them to be able to identify phishing emails and other suspicious behaviors.
Create a backup strategy and stick to it: Revenue lost to downtime during a cyber attack can be inconvenient for larger businesses and catastrophic for smaller ones. Be sure to have a robust and reliable backup system in place to minimize disruptions in case of a successful cyberattack.
Not sure if you’re impacted by the AnyDesk breach? Nervous at the prospect of being targeted by hackers? Nodal can help! Contact us today.