TeamViewer Credits Network Segmentation for Rebuffing APT29 Attack

Published: 23/11/2024   Category: security




Despite warnings from Health-ISAC and the NCC Group, the remote access software maker says defense-in-depth kept customers' data safe from Midnight Blizzard.



This week, TeamViewer said that while the Russian group APT29, aka Midnight Blizzard, managed to access its corporate network, the threat actors were limited to the company's internal IT network because of strong segmentation between its environments. Thus, no customers were affected.
In public statements on June 27 (reiterated today), the German maker of remote desktop software said, "[W]e keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments. This segregation is one of multiple layers of protection in our defense in-depth approach."
Defense-in-depth is a set of basic techniques, including network segmentation, that the US government consistently urges people to implement. Others include network monitoring, multifactor authentication, and access control lists.
Even so, because of the potential mischief a bad actor with desktop access can wreak, TeamViewer users should up their security game, according to industry groups. The NCC Group, which originally issued a warning under an amber/limited classification but then changed it to green/public, advised its customers that, while awaiting final confirmation of the extent of compromise, they remove TeamViewer from their systems if possible and closely monitor hosts that had the application installed if not.
The Health Information Sharing and Analysis Center (H-ISAC) meanwhile issued similar advice to the healthcare sector, adding that organizations should implement two-factor authentication (2FA) and allowlists/blocklists to control who gets to access systems via TeamViewer.
Stakes are particularly high for remote access application security because of the legitimate access to users' systems such software provides. In January, Huntress reported that two hacking attempts started with TeamViewer instances, and there is a long history of attackers using remote desktop software to implant malware. The apparently limited impact of the latest incident shows the value of defense-in-depth techniques to limit the effect of intrusions.
