Lock down TeamViewer or pay a price

IT administrators allow remote access software like Zoho Assist, TeamViewer VNC Connect, Windows RDP and AnyDesk to help employees do their work away from the office.

Unfortunately, those products can also be useful to hackers, who try to leverage poorly-secured applications like these on computers to also get (unapproved) access into enterprise networks. Which is why these utilities have to be locked down.

The latest example of failing to do that comes in a report from researchers at Huntress, who recently discovered that two endpoints at unnamed organizations had been encrypted with ransomware through compromised TeamViewer software.

Logs suggest the attacker in each case was the same, Huntress staff said in a blog. On both endpoints, the initial ransomware deployment started with a DOS batch file run from the hacked user’s desktop.

Fortunately, security software on one computer limited the number of files that were encrypted. And in neither instance was there any indication the threat actor conducted reconnaissance beyond the impacted endpoint, nor attempted to move laterally to other endpoints within the infrastructure.

There have been several reports of attackers using TeamViewer and other remote access tools to their advantage. In December, Microsoft disabled Windows App Installer because threat actors were using it to trick people trying to download legitimate versions of TeamView, AnyDesk and other utilities.

Last summer, cybersecurity agencies from seven countries warned that the LockBit ransomware gang either leveraged existing installations of TeamViewer and other tools or added them to compromised IT systems.

“Threat actors look for any available means of access to individual endpoints to wreak havoc and possibly extend their reach further into the infrastructure,” Huntress warned, which is why IT administrators need a thorough inventory of software under their control so they can apply security policies.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now