We see TeamViewer used in more than half of all of our Netskope tenants, and have issued a Customer Advisory with instruments for protecting themselves against this threat. The article elaborates that the executable file doesn’t contain encryption functions or other malicious-seeming behaviors, so they have been able to evade both anti-virus and behavioral anti-malware products. That connection is used for user 1 to access and deliver support to user 2’s machine, with the ability to deliver files, including Surprise ransomware.
Finally, once the two parties connect to the TeamViewer console, TeamViewer puts the two users in communication using a peer-to-peer networking protocol. The second is user 2 (the recipient of the remote support) to the TeamViewer console. The first is from user 1 (the person delivering remote support) to the TeamViewer console. Specifically, there are three different communications that are happening in this scenario. Netskope recently surfaced TeamViewer in the Netskope Cloud Report as an app that has posted triple-digit growth in the past year and is in the rapidly-expanding Microsoft 365 ecosystem.Īccording to the article, the Surprise ransomware developer was able to co-opt the credentials of a TeamViewer user, and then used those credentials to gain access to other TeamViewer users and download the malware file via TeamViewer. According to TeamViewer’s website, the app is installed in more than 90 percent of the Fortune 500 and has been installed on more than one billion devices worldwide. Earlier this week, a Bleeping Computer article described a new ransomware that researchers are calling Surprise that is propagated by online support app, TeamViewer.
0 kommentar(er)
