AnyDesk Breach - The Risks of Remote Access Software
AnyDesk is a remote access software solution whose maker recently took steps to address a cyberattack on its internal systems. Attacks on vendors that provide remote access should concern all clients and users, but what options do clients have to protect themselves against such attacks?
Reining In Remote Access
There are several security controls and practices your organization should implement to address remote access, and today’s blog will focus squarely on software programs such as AnyDesk, TeamViewer, ScreenConnect, and SplashTop. Variations of these steps should also be applied to other remote access techniques, but these applications pose a unique challenge.
Keep a written policy that defines scenarios where remote access software is appropriate or acceptable. Include straightforward reasoning that aligns business needs with security considerations. The policy should define which users and computers it includes and excludes for acceptable use.
Set a connection password for any persistent or unattended installation.
Enable and configure two-factor authentication for the software. Two-factor authentication on the workstation alone may not be enough, because attackers could compromise the session while a user is logged in, and the user might not notice.
Configure the access controls in the software to only allow connections from specific known PCs.
Regularly review remote access by users in the administrative console.
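As an added example (not from the original post or from any vendor), the regular review can be scripted by checking an exported session list against the written policy and the list of known PCs. The export columns, user names and host names below are constructed assumptions; a real administrative console will use its own format.

```python
import csv
import io

# Constructed policy: which users and computers may use remote access
# software, and which source PCs are known (all values are illustrative).
POLICY = {
    "allowed_users": {"helpdesk1", "helpdesk2"},
    "allowed_targets": {"WS-ACCT-01", "WS-ACCT-02", "SRV-FILE-01"},
    "known_sources": {"HD-LAPTOP-01", "HD-LAPTOP-02"},
}

# Constructed session export; a real console's column names will differ.
SAMPLE_EXPORT = """\
start,user,source_pc,target_pc,two_factor
2024-02-05T09:12:00,helpdesk1,HD-LAPTOP-01,WS-ACCT-01,yes
2024-02-05T23:47:00,helpdesk2,UNKNOWN-PC-77,SRV-FILE-01,yes
2024-02-06T02:03:00,contractor9,HD-LAPTOP-02,WS-HR-04,no
"""


def review_sessions(export_text, policy):
    """Return (start, user, reasons) for every session that breaks policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        reasons = []
        if row["user"] not in policy["allowed_users"]:
            reasons.append("user not covered by policy")
        if row["target_pc"] not in policy["allowed_targets"]:
            reasons.append("target computer excluded from policy")
        if row["source_pc"] not in policy["known_sources"]:
            reasons.append("connection from unknown PC")
        if row["two_factor"].strip().lower() != "yes":
            reasons.append("session without two-factor authentication")
        if reasons:
            findings.append((row["start"], row["user"], reasons))
    return findings


if __name__ == "__main__":
    for start, user, reasons in review_sessions(SAMPLE_EXPORT, POLICY):
        print(f"{start} {user}: " + "; ".join(reasons))
```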
Even with these controls, organizations should not assume that software vendors are unable to bypass client configurations. These efforts could be moot when a vendor's internal networks or systems are compromised. If a vendor doesn't offer the security features above, or the configurations are impractical to manage at the scale your organization operates, evaluate possible alternatives or reach out to a qualified service professional to help!
If this advice seems eerily similar to a post on Reddit, we borrowed some good advice with that user’s permission!
https://securityweek.com/anydesk-revokes-passwords-certificates-in-response-to-hack/
https://www.spiceworks.com/it-security/data-security/news/anydesk-server-breach/