Last week's unsettling discovery of the TeamViewer data breach caused widespread anxiety and public outcry about the remote access tool's network security. While the remote access software company firmly denies any allegations that they were hacked, countless users (including many in the U.K.) flocked to Reddit and other social media sites to report that their accounts had been compromised, giving hackers remote access to their desktops. Although TeamViewer has faced backlash for blaming the breach on careless user behavior, no matter who's to blame in the scenario, this attack highlights the need to teach users stronger password management policies and the importance of a BDR solution. What else can MSPs take away from the TeamViewer breach, and what do users need to know?
TeamViewer Breach as a Mechanism for More Cybercrime
When you grow up with siblings and without the luxury of a television in your bedroom (or connected to your mobile device), fighting for the remote control is inevitable. In my case, losing the battle meant I was forced to watch melodramatic Lifetime movies with titles like "Lies, Deceit and Stolen Identities." When you fight for control over your own desktop (or other connected device), the consequences are much more severe; identity theft is more than a two-hour plot, but a horrifying reality with myriad costly consequences. Many TeamViewer users had their account credentials stolen or compromised when hackers remotely hijacked their desktop activity.
As a result, attackers have been attributed with:
compromising eBay, Paypal and bank accounts and making fraudulent purchases
installing malware and engaging in other malicious Web browsing behavior
stealing personal information, either to use, sell or hold for ransom
accessing users' email to carry out social engineering tactics and obtain address book information for future
For this last item, consider how attackers impersonate credible sender addresses to distribute phishing schemes and business email compromises (BECs). In fact, "since January 2015, the FBI has seen a 270 percent increase in identified victims and exposed loss" due to these email scams.
Cybercriminal activity, and ransomware in particular, continues to reach and surpass unprecedented levels globally. These malicious endeavors are expected to only grow in frequency and reach over time. As such, incidents like the TeamViewer data breach offer the perfect opportunity for you to revisit end user best practices and enforce the need for a business-grade backup and disaster recovery (BDR platform). Need help talking to your clients about business continuity?
TeamViewer Breach Takeaways
In a statement released last Wednesday, TeamViewer acknowleges suffering a service outage "caused by a denial-of-service attack (DoS) aimed at the TeamViewer DNS-Server infrastructure," but denies any connection between the outage and hacked accounts. Instead, the company warns users against unsafe password practices, the kind of security counsel MSPs should be providing clients anyway. If only Mark Zuckerberg got the password security memo (ahem "Da Da Da" is a zippy jingle line, not a secure login credential). As we outline in Cybersecurity Tips for Employees: The Complete Guide to Secure Behavior Online and in the Office, it's your responsibility to educate end users to adopt the following best practices:
Change passwords at least every three months for non-administrative users and 45-60 days for admin accounts.
Use different passwords for each login credential.
Enable two or multi-factor authentication.
Avoid generic accounts and shared or publically displayed passwords.
Conduct audits periodically to identify weak/duplicate passwords and change as necessary.
Pick challenging passwords that include a combination of letters (upper and lower case), numbers and special characters (e.g. <$>, <%> and <&>).
Avoid personal information such as birth dates, pet names and sports.
Use passwords or passphrases of 12+ characters.
Use a Password Manager such as LastPass where users need just one master password.
Don’t use a browser’s auto-fill function for passwords.
And not only should you share these tips with clients to prevent future data breaches, but they should also know how to spot a TeamViewer or any other malicious attack. For instance, do your users know to be suspicious if they begin to lose control of their mouse and then see a seemingly credible message from the remote access tool you've installed? You might clarify that if your MSP practice is to be conducting any remote activity on their devices during business hours, they will have prior knowledge so they can be sure it's legitimate.
How else can you do your part to prevent IT nightmares like this from occurring? You may reconsider your own internal management of remote access tools and software. Perhaps you establish a policy of signing out of your account when it's not in use to minimize access to client work stations.
Now, it's important to note that while MSPs should enforce smart password management policies like the ones listed above, many targets have since professed that they've stuck to them and were still compromised. Although the source of the TeamViewer breach is still being questioned today, what remains true is that offering clients business continuity and disaster-recovery-as-a-service (DRaaS) helps mitigate damage when sensitive data is stolen. True, having a BDR solution doesn't stop attackers from obtaining user data, but it does stop clients from being beholden to them to restore or retrieve that data, conditions that only further the spread of malware and other cybercriminal activity.
Looking to find out if your clients' TeamViewer accounts were hit and how to respond? Check out this helpful article by ZDNet!
Don't wait until the next high profile breach to teach clients cybersecurity basics.
By Gretchen Hoffman
By Mark Cline
By Meaghan Moraes