Lock down TeamViewer or pay a price

Share post:

IT administrators allow remote access software like Zoho Assist, TeamViewer VNC Connect, Windows RDP and AnyDesk to help employees do their work away from the office.

Unfortunately, those products can also be useful to hackers, who try to leverage poorly-secured applications like these on computers to also get (unapproved) access into enterprise networks. Which is why these utilities have to be locked down.

The latest example of failing to do that comes in a report from researchers at Huntress, who recently discovered that two endpoints at unnamed organizations had been encrypted with ransomware through compromised TeamViewer software.

Logs suggest the attacker in each case was the same, Huntress staff said in a blog. On both endpoints, the initial ransomware deployment started with a DOS batch file run from the hacked user’s desktop.

Fortunately, security software on one computer limited the number of files that were encrypted. And in neither instance was there any indication the threat actor conducted reconnaissance beyond the impacted endpoint, nor attempted to move laterally to other endpoints within the infrastructure.

There have been several reports of attackers using TeamViewer and other remote access tools to their advantage. In December, Microsoft disabled Windows App Installer because threat actors were using it to trick people trying to download legitimate versions of TeamView, AnyDesk and other utilities.

Last summer, cybersecurity agencies from seven countries warned that the LockBit ransomware gang either leveraged existing installations of TeamViewer and other tools or added them to compromised IT systems.

“Threat actors look for any available means of access to individual endpoints to wreak havoc and possibly extend their reach further into the infrastructure,” Huntress warned, which is why IT administrators need a thorough inventory of software under their control so they can apply security policies.

The post Lock down TeamViewer or pay a price first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

Starbucks Forced to Pay Baristas Manually After Ransomware Attack

A ransomware attack on Blue Yonder, a third-party scheduling software provider, has disrupted Starbucks’ ability to manage employee...

Google Launches Free Cybersecurity Certificate for Entry-Level Jobs

Google has introduced a new Cybersecurity Professional Certificate, aimed at preparing students for entry-level roles in just six...

Critical Vulnerability Leaves Millions Of Sites Vulnerable To Takeover

A severe authentication bypass vulnerability has been discovered in the WordPress plugin "Really Simple Security" (formerly *Really Simple...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways