Tech TroubleShooters

Important Security Alert: Protect Your TeamViewer Account from Recent Hacks

Aug 7, 2024 | Cybersecurity, News & Updates

In late June 2024, TeamViewer, a widely used remote connectivity software provider, disclosed a cyberattack on its corporate IT environment that it attributed to the Russian cyberespionage group APT29, also known as Cozy Bear.

Summary of the Incident:

On 26 June 2024, TeamViewer detected an irregularity in its internal corporate IT environment. The company immediately activated its response team, began an investigation together with external cybersecurity experts, and implemented remediation measures. TeamViewer confirmed that the attack was contained to its corporate IT environment, which it keeps separate from its product environment, and found no evidence that the product environment or customer data had been affected.

APT29, a state-sponsored threat actor affiliated with the Russian Foreign Intelligence Service (SVR), gained access using the compromised credentials of a standard employee account. That access allowed them to copy employee directory data, including names, corporate contact information, and encrypted employee passwords for the internal corporate IT environment. TeamViewer has since worked with Microsoft to mitigate the risk associated with the copied passwords and has hardened its authentication procedures.

Who is APT29?

APT29, also known as Cozy Bear, is a state-sponsored cyberespionage group attributed to the Russian government's SVR. It is known for long-running intelligence-collection campaigns against governments and large organizations. Other vendor names for the same group include BlueBravo, Cloaked Ursa, and Midnight Blizzard (Microsoft's name for it). APT29 was also behind the breaches disclosed in early 2024 by Microsoft and Hewlett Packard Enterprise (HPE), in both cases gaining access to corporate email.

How to Enhance Your Protection:

To further secure your business and prevent similar incidents, we recommend implementing our full security stack, which includes the following key components:

DNS Analysis: Monitoring and filtering DNS queries lets you spot and block lookups of known-malicious or suspicious domains before a connection is ever made. DNS logs are also often the first place that phishing or command-and-control infrastructure shows up, so they are worth keeping and reviewing.
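As an added illustration (not part of the original post, and not any vendor's product logic), the following script shows the kind of check a DNS analysis tool performs: it runs over a few constructed DNS query log lines, matches them against a hypothetical blocklist, and flags long, random-looking domain names of the sort generated by malware domain-generation algorithms. The log format, the blocklist entry and the length/entropy thresholds are all assumptions to be tuned against your own traffic.

```python
import math
import re

# Constructed sample DNS query log, not real traffic. One line per query:
# "<timestamp> <client_ip> <queried_name> <record_type>", the shape most
# resolver and firewall DNS logs can be normalised to.
SAMPLE_DNS_LOG = """\
2024-06-26T10:00:01Z 10.0.1.15 login.microsoftonline.com A
2024-06-26T10:00:02Z 10.0.1.15 update.teamviewer.com A
2024-06-26T10:00:05Z 10.0.1.22 xk4q9z2wv7bp1lm3.info A
2024-06-26T10:00:07Z 10.0.1.22 evil-updates.example A
2024-06-26T10:00:09Z 10.0.1.30 mail.corp.example.com MX
2024-06-26T10:00:11Z 10.0.1.22 a8f3k2j9d7s6g5h4b2n1.xyz TXT
"""

# Hypothetical blocklist entry (reserved .example TLD). In practice this is
# fed from threat intelligence into a filtering resolver, not hand-maintained.
BLOCKLIST = {"evil-updates.example"}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_line(line):
    """Return (timestamp, client, qname, qtype) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, qtype = m.groups()
    return ts, client, qname.lower().rstrip("."), qtype


def shannon_entropy(s):
    """Bits of entropy per character: a cheap proxy for 'random-looking'."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Label directly left of the TLD. Naive on purpose: it does not know
    multi-part public suffixes such as co.uk; use a public suffix list for that."""
    parts = qname.split(".")
    return parts[-2] if len(parts) >= 2 else qname


def is_dga_like(qname, min_len=16, min_entropy=3.5):
    """Flag long, high-entropy registrable labels, typical of DGA domains.
    Thresholds are assumed values; CDN and cloud hostnames can look similar,
    so pair this heuristic with an allowlist of known-good domains."""
    label = registrable_label(qname)
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def analyze(log_text, blocklist=BLOCKLIST):
    """Return a list of (client, qname, reason) alerts for the given log text."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash the pipeline
        _, client, qname, _ = rec
        if qname in blocklist or any(qname.endswith("." + b) for b in blocklist):
            alerts.append((client, qname, "blocklisted domain"))
        elif is_dga_like(qname):
            alerts.append((client, qname, "DGA-like name"))
    return alerts


if __name__ == "__main__":
    for client, qname, reason in analyze(SAMPLE_DNS_LOG):
        print(f"{client} -> {qname}: {reason}")
```

On the sample data this raises three alerts, all from the two clients that never touch a legitimate name, which is exactly the kind of pivot point an analyst wants: the flagged client address, not just the domain, is what you then investigate on the endpoint.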

Endpoint Protection: Ensure all devices are protected with advanced antivirus and anti-malware solutions like SentinelOne, which can detect and block sophisticated threats.

Patch Management: Keeping your software and systems up to date is critical to protect against known vulnerabilities. Apply patches promptly to close security gaps that attackers exploit. Comprehensive patch management goes beyond the operating system updates provided by Apple and Microsoft and covers all third-party applications, prioritising the vulnerabilities that are actively being exploited.

Password Management: Use a password manager to create and store strong, unique passwords for all your accounts. Ensure all your passwords are at least 21 characters long and randomly generated from alphanumeric characters. Uniqueness matters as much as length: a stolen password store, like the encrypted employee passwords copied from TeamViewer, can be attacked offline, and any password cracked from it will be tried against every other service.
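To make the 21-character recommendation concrete, here is an added example (ours, not code from the original post or from any password manager) that generates a password from the operating system's cryptographic random source, checks it against the policy above, and estimates how long an offline attacker would need to exhaust the password space. The guess rate of 1e11 per second is an assumed figure for a GPU rig against a fast hash; the policy's "not degenerate" rule is our own addition.

```python
import math
import secrets
import string

# 62-symbol alphanumeric alphabet, matching the page's recommendation.
# Adding symbols buys a few bits per character, but length buys far more.
ALPHANUMERIC = string.ascii_letters + string.digits
MIN_LENGTH = 21


def generate_password(length=MIN_LENGTH, alphabet=ALPHANUMERIC):
    """Generate a password with the OS CSPRNG (secrets), never random.random."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHANUMERIC)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second=1e11):
    """Years to try every candidate at the given offline guess rate.
    1e11/s is an assumed rate for a GPU rig against a fast hash such as NTLM;
    slow hashes (bcrypt, scrypt, Argon2) cut it by orders of magnitude."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def meets_policy(password, min_length=MIN_LENGTH, alphabet=ALPHANUMERIC):
    """Check the page's policy: long enough and allowed characters only.
    The distinct-character rule (an assumption added here) rejects degenerate
    inputs like 'aaaa...' whose real entropy is far below their length."""
    if len(password) < min_length:
        return False
    if any(ch not in alphabet for ch in password):
        return False
    return len(set(password)) >= min_length // 2


if __name__ == "__main__":
    pw = generate_password()
    print(pw, "meets policy:", meets_policy(pw))
    for n in (8, 12, 21):
        b = entropy_bits(n)
        print(f"{n} chars: {b:.0f} bits, {years_to_exhaust(b):.2e} years at 1e11 guesses/s")
```

The numbers are the point: 8 random alphanumeric characters (about 48 bits) fall in under an hour at that rate, while 21 (about 125 bits) are out of reach regardless of how weakly the service hashed them. That is why the advice is "long and random", not "complex".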

Whitelisting and Ring-Fencing Applications: Whitelisting ensures that only approved applications can run on your systems, reducing the risk of malware execution. Ring-fencing further contains applications, limiting their access to only necessary resources.

Proactive Threat Hunting: Actively search for signs of malicious activity within your network to identify and mitigate threats before they can cause significant damage. Proactive threat hunting is becoming increasingly important as cyber threats become more sophisticated.

CPU and RAM Usage Monitoring: Regularly monitor the CPU and RAM usage of your machines to detect any unusual activity that could indicate a security issue or compromised system.

Two-Factor Authentication (2FA): Ensure that 2FA is enabled for all your online services. This adds an extra layer of security by requiring a second form of verification, so a stolen password alone is not enough; the TeamViewer intrusion began with a compromised employee credential. Prefer phishing-resistant methods such as FIDO2 security keys or passkeys, or at least an authenticator app, over SMS codes.

Email Filtering and Backup Solutions: Implement email filtering solutions to block phishing attempts and spam. Additionally, having an email backup solution ensures that important communications are not lost and can be recovered when needed.

Firmware Updates: Ensure the firmware on all computers, wireless access points, switches, and routers is updated to the latest version, as these updates often include important security patches.

Network Segregation: Segregating your network into different segments can prevent unauthorized access and limit the spread of malware. This is important for both home and business networks, as it helps contain potential breaches to isolated sections, minimizing overall impact.

Remove Unused Software: Although we do not use TeamViewer ourselves, many software and support companies do. It always pays to remove software you are no longer using, TeamViewer included: every unused program is attack surface that still needs patching, and remote access tools in particular are a favourite foothold for attackers if left installed and unmonitored.

Need Assistance?

If you need help reviewing your security measures or implementing any of the above recommendations, please don’t hesitate to contact us. Our team at Tech Troubleshooters is here to help you enhance your cybersecurity posture and protect your business from evolving threats.
