Hackers Weaponize TeamViewer Remote Control Software
It’s the latest example of hackers apparently leveraging legitimate software for alleged criminal activities. Another example involves hackers allegedly leveraging ConnectWise Control as part of an attack on Wirpo, the massive IT outsourcing firm.
It’s important to note: Hackers aren’t necessarily exploiting holes in the remote control software. Instead, they’re breaking into systems using other methods and then installing and using legitimate remote control software for illicit purposes.
The TeamViewer cyberattacks involve the use of a malicious attachment disguised as a top-secret U.S. document, Check Point indicated. Once an end user opens the attachment, a malicious payload executes.
To date, cybercriminals have used TeamViewer attacks to target government authorities and representatives in a variety of countries, including:
In addition, Check Point identified a CyberForum[.]ru user who is behind the TeamViewer cyberattacks or created the tools used in the attacks. Check Point also noted that the TeamViewer cyberattacks appear to be financially motivated.
How Did Check Point Identify the TeamViewer Cyberattacks?
Check Point used its Sandblast Zero-Day Protection solution’s Threat Emulation and Threat Extraction tools to identify the malware associated with the TeamViewer cyberattacks.
Threat Emulation detects and prevents infections from new malware and targeted attacks. Meanwhile, Threat Extraction removes exploitable content, reconstructs files and delivers sanitized content to end users.
Global Malware Attacks on the Rise
The TeamViewer cyberattacks highlight the increasing use of malware attacks globally.
Malware attacks exceeded 10.5 billion worldwide in 2018, according to the “2019 SonicWall Cyber Threat Report.” Furthermore, SonicWall indicated global malware attacks have increased 33.4 percent since 2016 and show no signs of slowing down any time soon.
Ultimately, MSSPs play key roles in helping global organizations combat malware attacks. If MSSPs offer cybersecurity tools, training and resources, they can empower global organizations with the support they need to address malware and other cyber threats.