Breach, Content, EMEA, Europe

Hackers Weaponize TeamViewer Remote Control Software

Cybercriminals are using TeamViewer remote access and desktop sharing software to target European government finance authorities and representatives, according to Check Point Research.

It's the latest example of hackers apparently leveraging legitimate software for alleged criminal activities. Another example involves hackers allegedly leveraging ConnectWise Control as part of an attack on Wirpo, the massive IT outsourcing firm.

It's important to note: Hackers aren't necessarily exploiting holes in the remote control software. Instead, they're breaking into systems using other methods and then installing and using legitimate remote control software for illicit purposes.

The TeamViewer cyberattacks involve the use of a malicious attachment disguised as a top-secret U.S. document, Check Point indicated. Once an end user opens the attachment, a malicious payload executes.

To date, cybercriminals have used TeamViewer attacks to target government authorities and representatives in a variety of countries, including:

  • Nepal
  • Guyana
  • Kenya
  • Italy
  • Liberia
  • Bermuda
  • Lebanon

In addition, Check Point identified a CyberForumru user who is behind the TeamViewer cyberattacks or created the tools used in the attacks. Check Point also noted that the TeamViewer cyberattacks appear to be financially motivated.

How Did Check Point Identify the TeamViewer Cyberattacks?

Check Point used its Sandblast Zero-Day Protection solution's Threat Emulation and Threat Extraction tools to identify the malware associated with the TeamViewer cyberattacks.

Threat Emulation detects and prevents infections from new malware and targeted attacks. Meanwhile, Threat Extraction removes exploitable content, reconstructs files and delivers sanitized content to end users.

Global Malware Attacks on the Rise

The TeamViewer cyberattacks highlight the increasing use of malware attacks globally.

Malware attacks exceeded 10.5 billion worldwide in 2018, according to the "2019 SonicWall Cyber Threat Report." Furthermore, SonicWall indicated global malware attacks have increased 33.4 percent since 2016 and show no signs of slowing down any time soon.

Ultimately, MSSPs play key roles in helping global organizations combat malware attacks. If MSSPs offer cybersecurity tools, training and resources, they can empower global organizations with the support they need to address malware and other cyber threats.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.