BEWARE a lot of RMM solutions use TV chnage you security logins
By Bill Toulas January 18, 2024 04:07 PM 3
Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder.
TeamViewer is a legitimate remote access tool used extensively in the enterprise world, valued for its simplicity and capabilities.
Unfortunately, the tool is also cherished by scammers and even ransomware actors, who use it to gain access to remote desktops, dropping and executing malicious files unhindered.
A similar case was first reported in March 2016, when numerous victims confirmed in the BleepingComputer forums that their devices were breached using TeamViewer to encrypt files with the Surprise ransomware.
At the time, TeamViewer’s explanation for the unauthorized access was credential stuffing, meaning the attackers did not exploit a zero-day vulnerability in the software but instead used users’ leaked credentials.
“As TeamViewer is a widely spread software, many online criminals attempt to log on with the data of compromised accounts, in order to find out whether there is a corresponding TeamViewer account with the same credentials,” explained the software vendor at the time.
“If this is the case, chances are they can access all assigned devices, in order to install malware or ransomware.”
Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishline Training
“Where Service and Technical Skills Count”
Cloud Services Status page (https://cloudstatus.mspportalpartners.net/)