Jonathan Care’s Post

Instant Messaging can be convenient and damaging at the same time.

TeamViewer’s APT attack    As per TeamViewer, remote access software company,  their corporate environment was breached in cyberattack by APT on June 26, 2024 when their security team detected an irregularity in their internal corporate IT environment  Company’s internal corporate IT environment is completely independent from their product environment. Till now, there is no evidence that the product environment or customer data is affected. TeamViewer is very popular remote access software , based in Germany, which is currently being used by more than 640,000 customers worldwide and has installed on over 2.5 billion devices.  On June 27,2024 , Health-ISAC ( a community for healthcare professionals to share threat intelligence) said that TeamViewer serviced were allegedly targeted by APT29 group, also known as Cozy Bear.  APT29 is Russian advanced persistent threat group linked to Russia’s Foreign Intelligence Service . This group is known for its cyberespionage abilities . They have operated since 2008, often targeting government networks in Europe and NATO member countries , researched institutes and think tanks. On Jan12,2024 , Cozy bear is suspected of compromising a “small percentage” of mailboxes belonging to HPE employees in cybersecurity, go-to-market , business segments and other functions. In last February, APT29 used a new backdoor WINELOADER to target German political parties with a CDU-themed lure. #TeamViewer #APT29 #Cozy #Bear #APT https://lnkd.in/gZxV5Aaj

At TeamViewer, we have our own dedicated Trust and Safety team to develop effective counter-measures against any kind of misuse on our platform. 🤝🛡️ They consistently work together with top government and business institutions to introduce industry-leading technical solutions, ensuring a secure platform. We are at the forefront of global discussions, actively contributing to strategies against misuse of remote access platforms. Therefore, you can trust us fully, for a secure and responsible remote connectivity experience! 🔐  Click the link if you have more questions about how to protect yourself against remote access scams to get all the answers: https://lnkd.in/etT6pDap #TrustAndSafety #CybersecurityLeadership #RemoteAccessSecurity

At TeamViewer, we have our own dedicated Trust and Safety team to develop effective counter-measures against any kind of misuse on our platform. 🤝🛡️ They consistently work together with top government and business institutions to introduce industry-leading technical solutions, ensuring a secure platform. We are at the forefront of global discussions, actively contributing to strategies against misuse of remote access platforms. Therefore, you can trust us fully, for a secure and responsible remote connectivity experience! 🔐  Click the link if you have more questions about how to protect yourself against remote access scams to get all the answers: https://lnkd.in/etT6pDap #TrustAndSafety #CybersecurityLeadership #RemoteAccessSecurity 

When working from home, exchanging large files isn’t as simple as walking into an office or utilizing a courier service. However, whenever possible, store your data on your company’s secure network storage devices. This helps ensure that your data is both safe from hackers and properly backed-up to prevent loss. If you use a cloud-based file sharing service, only use services that your company has approved. And finally, don’t forget to protect sensitive paper documents when working in your remote location. #CyberSecurityAwarenessMonth

When working from home, exchanging large files isn’t as simple as walking into an office or utilizing a courier service. However, whenever possible, store your data on your company’s secure network storage devices. This helps ensure that your data is both safe from hackers and properly backed-up to prevent loss. If you use a cloud-based file sharing service, only use services that your company has approved. And finally, don’t forget to protect sensitive paper documents when working in your remote location. #CyberSecurityAwarenessMonth

I mention in this article that anyone who uses or has recently used AnyDesk in their environment should, "look back at security logs for signs of nefarious activity, like unexpected logins, exfiltration of data, or new admin accounts." Check out the article for more of my comments + some other valuable industry insights. https://lnkd.in/gfFgGzNe Arctic Wolf

"Health-ISAC recommends reviewing logs for any unusual remote desktop traffic. Threat actors have been observed leveraging remote access tools. Teamviewer has been observed being exploited by threat actors associated with APT29." Is your organisation making use of TeamViewer? Are you prepared for what could happen next? Vulnerability assessments and daily IOC health checks will be a great starting point to prevent further damage from compromised 3rd parties impacting your organisation. Be prepared and stay vigilant.

This should be a wake up call for anyone using Remote desktop tools which is most of the #TSP industry. Note: this is not an attack on screen connect as it is still considered one of the best and safest remote solutions. Nor is there a suspected vulnerability on the software that was considered the cause of this attack. This instance highlights the risk of using tools such as these and not applying extended #security controls to reduce the #risk. #MSPs rely heavily on these technologies to support their clients. But there is a duty of care that should be considered when using these tools to protect the client. Partners typically have god level admin access to their client environments and is why they are considered the biggest risk for their clients as part of the #supplychain. To quote uncle Ben "With great power, comes great responsibility"

Office documents with embedded macros (that help in automating tasks) can pose significant security risks. This is because they can also be exploited by threat actors and used in attacks to perform malicious actions. Our #enterprise solution ensures your organization's safety by allowing employees to download macro-free versions of these documents, stripping out any suspicious or harmful macros. This straightforward process enhances document security and protects your organization from potential threats without affecting your workflows. Have a use-case for us? Chat with us to see how SquareX can secure your employees' #browser: https://lnkd.in/gnqXjPxg