Organisations have long utilised TeamViewer software to provide remote aid, collaboration, and access to endpoint devices. Like other authorised remote access technologies, it is often employed by attackers to gain initial access to target systems.
The most recent example is the pair of attempted ransomware deployment incidents that Huntress researchers recently came across.
Unsuccessful ransomware deployment
The attacks that Huntress detected targeted two separate endpoint devices belonging to Huntress customers. Both incidents had failed attempts to install what seemed to be ransomware based on a leaked builder for LockBit 3.0 ransomware.
Further investigation revealed that TeamViewer was the initial point of access for the attackers to both endpoints. The logs showed that the same threat actor was responsible for both occurrences, as the attacks originated from an endpoint with the same hostname.
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: