Two intrusions into corporate networks from TeamViewer were discovered by a cybersecurity company. These types of attacks have been common for many years.
TeamViewer remote access software has been used in new ransomware attacks. In a report published on January 17 by cybersecurity company Huntress, cyber experts discovered two intrusions into two of the company’s networks.
Investigation revealed that the attackers gained initial access from TeamViewer accounts. This program provides the administrator with complete control over the status. Hackers try to deploy ransomware on PCs before they are detected by security programs.
Huntress analyst Harlan Carvey said in his report that the accounts had not been used by legitimate administrators for several months. Hackers bought access from specialized cybercriminals, potentially with InfoStealer, software that exfiltrates information.
An attack method already used in the past
TeamViewer exploit campaigns are common and documented by cybersecurity companies. In May 2023, hackers attempted to hijack the program to install cryptocurrency mining tools.
Last year, the company said its product currently works on more than 400 million devices, including 30 million full-time.
” Gaining access to TeamViewer can be royal for cybercriminals. He will have complete control over the machine and can install malware on it. If the station owner is not careful, an attacker will be able to dig into the network to access backups“Benoit Gruenemwald, cyber security expert at ESET explains Numerma. ” If a company or freelancer uses TeamViewer, they should set up a solid cyber environment to prevent this type of incident from happening. ยป adds Benoit Grunemwald.
Experts recommend updating software, changing passwords and installing two-factor authentication. Advice that is already known, but often forgotten.
If you liked this article, you might like the following: Don’t miss them by subscribing to Numerama on Google News.
