Users of the remote login service TeamViewer have been complaining about several attacks that have given hackers access to accounts and systems, but no one is clear about what has led to this uptick in problems.
Complaints have been flooding internet forums over the past month, telling of similar issues where TeamViewer accounts were compromised. Users have been blaming the TeamViewer hacks on the developers, but developers said users were to blame.
While admitting a significant number of users have complained about being compromised, TeamViewer claimed there was no hack of its systems. Instead, TeamViewer said, the surge in TeamViewer hacks stemmed from the recent megabreaches of Tumblr, Myspace and LinkedIn, and from customers reusing on TeamViewer the account credentials that had been stolen in those breaches.
"As you have probably heard, there have been unprecedented large-scale data thefts on popular social media platforms and other web service providers. Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts, as well as other services," TeamViewer wrote in an open letter to users. "We are appalled by the behavior of cybercriminals and are disgusted by their actions toward TeamViewer users. They have taken advantage of common use of the same account information across multiple services to cause damage."
San Francisco-based threat-analysis company RiskIQ told SearchSecurity it was tracking a malicious Flash update, as well as a malicious IFrame injection vulnerability, on the TeamViewer website and investigating to determine if either of these issues may be connected to the credential theft.
TeamViewer got itself into some hot water by originally calling users careless, but later walked those comments back, saying users needed to take extra care when using software like TeamViewer.
Rick Holland, vice president of strategy at Digital Shadows Ltd., based in San Francisco, noted attacks like the TeamViewer hacks are very serious.
"Remote access software being compromised is a significant problem, especially if users save credentials in their browsers. Remote access software is a popular attack vector," Holland said. "We see adversaries utilizing tools like [Microsoft Remote Desktop Protocol] when they compromise corporate environments. In those scenarios, they are using the tools for gaining access, as well as lateral movement. It isn't surprising to see consumers being targeted, as well."
In an effort to reduce the risk of more TeamViewer hacks, the developer has updated TeamViewer with two new features: A Trusted Devices option asks users to confirm new logins on new devices as legitimate, and TeamViewer will also continuously monitor and notify users when accounts display suspicious behavior.
Holland said users should take additional precautions.
"Trusted Devices and Data Integrity will certainly help protect TeamViewer customers, but they aren't a panacea," Holland said. He suggested users protect passwords by using password managers and enabling multifactor authentication whenever possible, investigate credential dumps to determine if employees are at risk, and enable multifactor authentication for remote services, like VPNs or Microsoft Outlook Web App, in order to "eliminate risks associated with employees reusing passwords."