It’s been more than a month that users of the remote login service TeamViewer have reported their PCs being ransacked by hackers. In many cases, the intruders drained PayPal or bank accounts. So far, nobody outside of TeamViewer knows exactly how many accounts have been hacked, but it is obvious that the users suffer in bulk. For example, many users on Reddit have complained about the alleged hack, saying that their accounts were compromised and attackers infiltrated their computers to steal financial data, access other accounts and make various purchases. All of them mention a file called "webbrowserpassview.exe," which scans systems to find stored passwords for use.
In response, TeamViewer has denied all responsibility for the recent incidents where PCs have been compromised. Instead, it has placed the blame on the "careless" use of credentials. The company did admit it was "experiencing issues in parts of its network," but managed to boot the majority of the platforms back to regular service. TeamViewer then issued a statement to explain that the outage was caused by a DoS attack aimed at TeamViewer’s infrastructure. However, there is no evidence that it was linked to any user account compromise.
As for the recent complaints, Germany-based TeamViewer attributed them to "careless use of account credentials", which are now being traded and released on the black markets online. Given that many users use the same passwords across different services, a single leak can lead to the compromise of multiple accounts. TeamViewer said that users also might unintentionally download and install malware. Due to software features, once a system is infected, hackers can do virtually anything with that particular system: capture it entirely, seize or manipulate information, etc.
In a statement, TeamViewer alluded to the recent chain of "megabreaches" that have dumped over 642 million passwords into the public domain, saying that many credentials stolen in those external breaches have been used to access TeamViewer accounts, as the hackers have simply taken advantage of common use of the same account information across multiple services to cause damage.
The company statement also announced measures being introduced to tackle the large number of hijackings. The first measure is known as "Trusted Devices". It ensures that before a device is allowed to access a TeamViewer account for the first time, the account holder must approve such access. The measure is implemented via an in-app notification asking account holders to confirm the new device via e-mail.
The second measure is called "Data Integrity" and enables automated monitoring detecting whether an account has been hacked. The feature monitors for unusual behavior (for instance, access from a new location) that might suggest it has been compromised. In this case, such TeamViewer account will be marked for an enforced password reset. These measures were initially planned to introduce later in 2016, but the growing number of complains over TeamViewer account takeovers prompted the early roll out.
In the meantime, although reports of infected PCs and drained accounts have reached a deafening crescendo over the past few days, such stories have actually been circulating for more than 6 months. Most of such complaints claim the takeovers are the result of a breach in TeamViewer's network. Indeed, a denial-of-service attack that disrupted the company’s domain name system infrastructure became proof the domain had been commandeered through DNS hijacking. Despite the absence of any evidence of TeamViewer's name servers using any unauthorized IP addresses, such claims haven't stopped circulating. There is no factual basis for any DNS spoofing either, so the hijacking could actually have taken place months after the account takeovers started.
On the other hand, TeamViewer's public response wasn’t very good either. It often takes the company days or weeks to issue any sort of statement at all, despite a significant number of users being hit by attacks exposing their financial data. Even if TeamViewer officials respond, they issue terse press releases missing important details: for example, the company has yet to explain how some of the recent attacks have successfully bypassed its two-factor authentication protection, or how the accounts protected with strong passwords were hacked.
Industry experts tend to doubt that the timing of the account compromises and DoS attack was coincidental, but it is still possible that the affected users may have had their credentials stolen and used through other means. Perhaps, the recent MySpace and LinkedIn data dumps may be the source of credentials, but some TeamViewer users insist that their credentials were strong and used nowhere else. Industry watchers admit that TeamViewer's claim that the hacks are tied to the massive number of passwords that recently leaked online is plausible, but it is clearly not the only contributing factor. Security experts believe that weaknesses in TeamViewer software may also be involved. The first reason is that TeamViewer login mechanism allows attackers to try large numbers of passwords without being locked out. Another reason is the existence of a flaw that allows intruders to circumvent two-factor protections. In other words, the current public statements made by the company leave users with a sense TeamViewer isn't providing a thorough accounting of what it knows. Unsurprisingly, this in turn leads to emergence of mistrust and conspiracy theories.
Worried about the news and looking for a way to protect yourself? You should always remember that using the same credentials across multiple online services is risky. Of course, it is difficult to remember different passwords, but it effectively prevents attacks from accessing your complete digital profile in case one set gets compromised.
Another thing to remember is that you must ensure all your online accounts are protected with randomly generated passwords at least 10 characters long, which contain numbers, symbols, and upper- and lower-case letters. As for TeamViewer, it's a good idea to run it only when you need it, rather than allowing it to autostart each time a computer is turned on or leave it overnight.
TeamViewer also strongly recommends using unique and secure passwords that are frequently changed, ensure having reliable anti-malware and security solutions in place at all times and enabling two-factor authentication whenever possible. Media reports admit that TeamViewer engineers can perform log analyses at a much more granular level than any outsiders can, but there's more to these breaches than what the company has said to date.
from RSS ExtraTorrent.cc Articles http://ift.tt/1Pd98sq
via http://ift.tt/1Pd98sq
from RSS ExtraTorrent.cc Articles http://ift.tt/1Pd98sq
via http://extratorrent.cc/
No comments:
Post a Comment