{"id":11998,"date":"2024-07-01T10:47:20","date_gmt":"2024-06-30T22:47:20","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=11998"},"modified":"2024-07-01T10:47:20","modified_gmt":"2024-06-30T22:47:20","slug":"teamviewer-compromise","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=11998","title":{"rendered":"TeamViewer Compromise"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.24.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_row column_structure=&#8221;1_2,1_2&#8243; _builder_version=&#8221;4.24.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;1_2&#8243; _builder_version=&#8221;4.24.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_text _builder_version=&#8221;4.24.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<\/p>\n<p>TeamViewer is a common piece of software that allows IT businesses to remotely access, control, manage, monitor, and repair devices \u2013 from laptops and mobile phones to industrial machines and robots. 
Many software vendors include it to allow them to remotely support their software for their clients.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][et_pb_column type=&#8221;1_2&#8243; _builder_version=&#8221;4.24.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_image src=&#8221;\/wp-content\/uploads\/2024\/07\/TeamViewer.png&#8221; title_text=&#8221;TeamViewer&#8221; _builder_version=&#8221;4.24.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;4.24.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.24.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_text _builder_version=&#8221;4.24.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<\/p>\n<h2>Word is coming out quickly that TeamViewer found an &#8220;irregularity&#8221; on their internal networks yesterday.<\/h2>\n<p><a href=\"https:\/\/www.teamviewer.com\/en\/resources\/trust-center\/statement\/\">https:\/\/www.teamviewer.com\/en\/resources\/trust-center\/statement\/<\/a><\/p>\n<p>Their claim is that their product remains safe; however, Trend Micro has been tracking unusual connections, including from TeamViewer instances protected by strong passwords and MFA, for at least a month. 
This story is developing quickly and we are watching it closely.<\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/nz\/security\/news\/cyber-attacks\/hack-on-teamviewer-after-reported-unauthorized-connections\">https:\/\/www.trendmicro.com\/vinfo\/nz\/security\/news\/cyber-attacks\/hack-on-teamviewer-after-reported-unauthorized-connections<\/a><\/p>\n<h3>Please note that TeamViewer is not in the Kinetics KARE Tech stack.<\/h3>\n<p>We don\u2019t install it as part of our support platform, BUT it is included by some software vendors for their technical support of their customers. We are working through a list of all clients to make sure protections are in place.<\/p>\n<p>This attack is suspected to have come from the APT29 group. This is a group associated with the Russian Foreign Intelligence Service and has been able to breach Microsoft in recent history.\u00a0<a href=\"https:\/\/attack.mitre.org\/groups\/G0016\/\">https:\/\/attack.mitre.org\/groups\/G0016\/<\/a><\/p>\n<p>It shows that even large security-focused companies are vulnerable to the basics, and underlines the need to reduce exposure and only use\/install these very powerful tools when there is a clear need for them.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.24.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<\/p>\n<h3>Update: 11:00am 1 July 2024<\/h3>\n<p>A few hours ago, TeamViewer released further information suggesting that the immediate risk to other systems is low at this stage.\u00a0 They say that\u00a0<em>&#8220;the threat actor leveraged a compromised employee account&#8221;<\/em><\/p>\n<p>\u00a0<span>The compromised systems:\u00a0<\/span><em>&#8220;copy employee directory data, i.e. 
names, corporate contact information, and encrypted employee passwords&#8221;<\/em><\/p>\n<p><span>This sounds like they got into TeamViewer&#8217;s AD. This is pretty bad, and means the ongoing risk for them and their customers is certainly non-zero.<\/span><\/p>\n<p>\u00a0<strong>The remediation actions they are taking are:\u00a0<\/strong><em>&#8220;We hardened authentication procedures for our employees to a maximum level and implemented further strong protection layers. Additionally, we have started to rebuild the internal corporate IT environment towards a fully trusted state.&#8221;<\/em><\/p>\n<p>We think t<span>his is the right path, and a major undertaking for them. It gives us confidence that, at this time, there is no need for any drastic action by clients using this software.\u00a0\u00a0<\/span><\/p>\n<p>Our advice is that if TeamViewer is required, or is part of a managed product, like OneLaw, then it&#8217;s fine to leave it installed.\u00a0 Otherwise, if it is not required, it shouldn&#8217;t be installed. Where it is installed, MFA and strong authentication should be enforced.<\/p>\n<p>In fact, learning from this, we bet TeamViewer wish they had enforced MFA on all their users.\u00a0 <strong>EVERYONE NEEDS MFA ON EVERYTHING<\/strong><\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>TeamViewer is a common piece of software that allows IT businesses to remotely access, control, manage, monitor, and repair devices \u2013 from laptops and mobile phones to industrial machines and robots. 
Many software vendors include it to allow them to remotely support their software for their clients. Word is coming out quickly that TeamViewer has found [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":11999,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-11998","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/11998","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11998"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/11998\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11998"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11998"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11998"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}