Cygilant Blog

Is Remote Access Worth the Cybersecurity Risk? Assessing TeamViewer's Breach

Posted by Security Steve on Jul 22, 2016



Telecommuting has never been more common, and as it increases in prevalence, cybersecurity risks will follow. This has been most recently illustrated by the complications plaguing TeamViewer, a popular proprietary piece of software for establishing remote access between computers.


Let's look at why remote team access isn't going away despite the threats, what went wrong in the case of TeamViewer, and what organizations can do to ensure their remote setups are free from such danger.

The Importance of Remote Access

Remote access generally means control of one computer from a second computer located elsewhere, something that can be crucial for businesses for a variety of reasons. Colleagues or partners may be stationed in another time zone, for example, and they may be asleep while their files are needed by users in the United States, who can then access the data remotely.


However, the danger of remote access hacks cannot be ignored. After all, if a legitimate user is logging into a faraway machine often, that machine has permissions and other settings allowing that person to use the device despite not being present. So if the attackers can impersonate the authorized user, they can intrude on the target system and appear as just another telecommuting employee, and then proceed to harm their new victim.

What Happened to TeamViewer

For the last few months, social media has been buzzing with reports from TeamViewer users who have found themselves hacked. Masquerading as the legitimate remote access user, attackers have been commandeering machines with the TeamViewer software installed and using them for their own benefit—for instance, by accessing PayPal accounts and sending themselves money. If the legitimate users see this happening before their eyes, as one IBM researcher did, they can close TeamViewer and revoke access. But if they are not so lucky, then the hackers have as much control over the devices as the TeamViewer accounts are set up to have—which can be substantial.


While some think TeamViewer itself might be compromised, the Germany-based company maintains that the problem is much more basic: TeamViewer account holders making the mistake of re-using passwords, combined with recent leaks of over 600 million passwords. All those newly available credentials give criminal hackers opportunities to guess that TeamViewer users might be using the same passwords for their remote access software as they used for Tumblr, MySpace, or any of the other recently breached sites.

Security for Remote Access

If TeamViewer is right that the problem is the re-use of passwords, the best cybersecurity solution is something EiQ has addressed before: employ a password manager, such as KeePassX, so that a user's credentials for each site can be unique. That way, if one site is breached, it does not mean that the user's other accounts are also capable of being compromised. Another quick tip is for users to sign up for, a site that will alert them if their email address shows up in a leak, thus allowing them to change their passwords.


But beyond endpoint security matters such as password best practices, organizations should also employ network security monitoring to have full visibility into their systems. Devices are connecting remotely to other devices, and the details change daily as users move around and switch computers, so IT teams need to be able to understand what is happening on the systems they're charged with protecting. A quality network security monitoring service, such as SOCVue, could pick up unusual attributes of remote access log-ins that might indicate a compromise, such as users signing in at times they never have before.
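The "signing in at times they never have before" check can be sketched as a per-user baseline of log-in hours. This is an added example, not code from SOCVue or EiQ; the log format, user names, host names, and the two-hour tolerance are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data: "ISO-timestamp user source-host" per line.
# The format is an assumption for this example, not a real product's log format.
HISTORY = """\
2016-07-11T09:05:00 alice laptop-17
2016-07-13T10:15:00 alice laptop-17
2016-07-14T17:40:00 alice laptop-17
2016-07-11T22:30:00 bob home-pc
2016-07-13T00:20:00 bob home-pc
"""
NEW_EVENTS = """\
2016-07-18T09:30:00 alice laptop-17
2016-07-19T03:12:00 alice unknown-host
2016-07-19T01:05:00 bob home-pc
2016-07-19T13:00:00 bob home-pc
2016-07-19T11:00:00 carol laptop-02
"""

def parse(text):
    """Yield (datetime, user, source) for each non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, user, source = line.split()
            yield datetime.fromisoformat(ts), user, source

def build_baseline(history):
    """Map each user to the set of hours (0-23) at which they have logged in."""
    hours = defaultdict(set)
    for ts, user, _ in parse(history):
        hours[user].add(ts.hour)
    return hours

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are 1 apart)."""
    return min(abs(a - b), 24 - abs(a - b))

def flag_unusual(history, events, tolerance=2):
    """Return (timestamp, user, source, reason) for log-ins outside the baseline."""
    baseline = build_baseline(history)
    alerts = []
    for ts, user, source in parse(events):
        seen = baseline.get(user)
        if not seen:  # first log-in ever seen for this account
            alerts.append((ts.isoformat(), user, source, "no login history"))
        elif min(hour_gap(ts.hour, h) for h in seen) > tolerance:
            alerts.append((ts.isoformat(), user, source, "unusual hour"))
    return alerts
```

The wrap-around in `hour_gap` matters for users like the constructed `bob`, whose normal sessions straddle midnight; a plain numeric comparison would flag his 01:05 log-in as far from his 22:30 one.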

How to Assess IT Vulnerabilities for Free

If you have ever wondered what software flaws and vulnerabilities are hiding in your network, now is the time to find out. For a limited time only, EiQ Networks will offer a FREE scan of up to 10 external IP addresses to identify vulnerabilities. You’ll receive an in-depth report that identifies:

  • The number of vulnerabilities detected and their severity level
  • The number of assets affected and which ones they are
  • A detailed description of the threat, its impact, and remediation guidance




Photo: Hannah Wei

Tags: IT Professionals, Data Breach, Cybersecurity, Risk Management, InfoSec
