![]() ![]() In the latest version of TeamViewer (as of April 28, 2021), there are no known methods to steal the clear text credentials to login to a remote machine unless you take a screenshot of the splash screen. ![]() We also found other vulnerabilities, that have been patched, related to credential exposure such as CVE-2020-13699. While the credentials are encrypted there is a known decryption key. This is a clear indication you may find various, outdated versions of TeamViewer in an environment.įor more on the Florida water plant breach, watch this video with Bryson Bort for RSAC:Īs we performed our research on TeamViewer, we learned that previous versions of TeamViewer exposed credentials in the registry. In the example of the Florida water facility attack, TeamViewer was supposed to have been removed six months prior to the attack. Many organizations (believe it or not) still use TeamViewer to allow support teams interactive access to their computers for troubleshooting. ![]() We are also collaborating with the ICS Village to demo this and other TTPs at Hack the Capitol and RSA Conference so this post will expand with videos after the conference embargo. Who and why is still the question.” While using shared credentials (or Valid Accounts in ATT&CK) feels low sophistication, we thought it would be worthwhile to show how we can steal TeamViewer credentials in this edition of #ThreatThursday. Using the software means everything is visible to the user (hence, the operator saw the mouse move and settings changed). As SCYTHE CEO and co-founder of ICS Village at DefCon, Bryson Bort, said in this Inside CyberSecurity news articles, “TeamViewer is a common remote desktop protocol (RDP) solution in ICS and the water attack was most likely simple access with stolen credentials. A malicious actor logged into the water treatment facility’s computer system through the remote desktop software and tried to increase the amount of sodium hydroxide to a dangerous level. TeamViewer was at the forefront of an attack on a Florida water facility in February 2021. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |