Hackers Abuse TeamViewer to Launch Ransomware Attacks – CybersecurityNews

Hackers exploit TeamViewer because it gives remote access to systems and allows threat actors to control them.
This can be used for several illicit purposes like illegal data access, system manipulation, and virus distribution. 
Besides this, the widespread use of TeamViewer makes it an attractive target for threat actors who are actively seeking to exploit vulnerabilities and conduct social engineering attacks.
Cybersecurity researchers at Huntress recently identified that threat actors have been actively abusing the TeamViewer to launch ransomware attacks.
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.
The SOC analysts at Huntress recently alerted about  2 endpoints hit by ransomware with minimal impact, no threat actor reconnaissance or lateral movement. However, security software managed to prevent threat actor’s actions.
TeamViewer enabled threat actor access to endpoints A and B. Logs reveal a common source endpoint name connecting to both with timestamps for sessions:- 
Past incidents involved TeamViewer for crypto miner deployment and curl.exe for data exfiltration.
In endpoint ‘A,’ legitimate admin accesses were noted, and endpoint ‘B,’ with the last TeamViewer login three months prior, saw the threat actor’s access in a 10-minute session. 
For data exfiltration, the previous incidents have linked TeamViewer to threat actors deploying crypto miners and employing curl.exe.
The first ransomware distribution on both endpoints began with a DOS batch file, “PP.bat,” launched from the user’s desktop.
In turn, the above-mentioned batch file ran the following “rundll32.exe” command:-
Endpoint A’s ransomware impact was restricted solely to that endpoint. On B, security software blocked the threat actor, leading to multiple failed attempts to encrypt files. 
The log messages revealed the quarantine of a DLL file that prompted the threat actor to make useless attempts to launch another file that was eventually quarantined.
However, the key security relies on tracking assets by encompassing physical and virtual endpoints and installed apps.
Try Kelltron’s cost-effective penetration testing services to evaluate digital systems security. Free demo available.

source

Related Posts

After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack – WDRB

Spotty shower possible. Storms after midnight Updated: April 16, 2024 @ 12:31 pmNorton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to…

Read more

CA's top cybersecurity job has been vacant for almost 2 years – CalMatters

Technology Californians get hacked all the time. The state’s top cybersecurity job is vacant In summaryGov. Newsom has yet to appoint a commander who is tasked with informing businesses and…

Read more

13 Cyber Security Measures Your Small Business Must Take – Tech.co

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn MoreCybersecurity has been important to…

Read more

AVG Antivirus Free review – Ghacks

AVG AntiVirus Free is a longstanding security program for Microsoft Windows that protects computer systems from viruses, trojans and other malicious code.One interesting fact about AVG is that it maintains…

Read more

Vlog Episode #247: Chris Long on Improving Technical SEO Skills & Playing Offense SEO – Search Engine Roundtable

In part one, we learned about Chris Long and his experience working with Bill Slawski. Then, in part two, we spoke about helping people with SEO on LinkedIn and using…

Read more

Information Security Vs. Cybersecurity: What's The Difference? – Forbes

Information Security Vs. Cybersecurity: What’s The Difference?  Forbessource

Read more

Leave a Reply

Your email address will not be published. Required fields are marked *