The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords.
The FBI issued this week a Private Industry Notification (PIN) alert to warn companies about the risks of using out-of-date Windows 7 systems, poor account passwords, and the desktop sharing software TeamViewer.
The alert comes after the recent attacks on the Oldsmar water treatment plant’s network where attackers tried to raise levels of sodium hydroxide, by a factor of more than 100. The investigation into the incident revealed that operators at the plant were using out-of-date Windows 7 systems and poor account passwords, and the desktop sharing software TeamViewer was used by the attackers to breach the network of the plant.
“The attempt on Friday was thwarted. The hackers remotely gained access to a software program, named TeamViewer, on the computer of an employee at the facility for the town of Oldsmar to gain control of other systems, Sheriff Bob Gualtieri said in an interview.” Reuters reported.
The alert urges organizations to review internal networks and mitigate the risks posed by the above factors.
“Beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs),” states the FBI’s PIN alert. “TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.”
The FBI alert warns of the abuse of desktop sharing software like TeamViewer: threat actors could use it to access a target network once they have obtained the login credentials of its employees. Below are the recommendations provided by the alert:
TeamViewer Software Recommendations
For a more secure implementation of TeamViewer software:
- Do not use unattended access features, such as “Start TeamViewer with Windows” and “Grant easy access.”
- Configure TeamViewer service to “manual start,” so that the application and associated background services are stopped when not in use.
- Set random passwords to generate 10-character alphanumeric passwords.
- If using personal passwords, utilize complex rotating passwords of varying lengths. Note: TeamViewer allows users to change connection passwords for each new session. If an end user chooses this option, never save connection passwords as an option as they can be leveraged for persistence.
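The “manual start” recommendation above can be checked and enforced from an elevated PowerShell prompt. The script below is an added example and is not code from the FBI alert or from Security Affairs; it assumes the TeamViewer Windows service name matches 'TeamViewer*' (the pattern is a parameter, since the installed service name can differ by version) and reports only unless -Apply is given.

```powershell
# Added example (not from the FBI alert or the article): audit the TeamViewer
# Windows service and, with -Apply, set it to manual start and stop it so the
# background service is not running when not in use.
function Invoke-TeamViewerServiceAudit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ServicePattern = 'TeamViewer*',   # assumed service name pattern
        [switch]$Apply                             # without -Apply, report only
    )

    # Win32_Service exposes StartMode ('Auto', 'Manual', 'Disabled', ...) and State
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -like $ServicePattern }

    if (-not $services) {
        Write-Warning "No service matching '$ServicePattern' found."
        return
    }

    foreach ($svc in $services) {
        $finding = [PSCustomObject]@{
            Name      = $svc.Name
            StartMode = $svc.StartMode   # 'Auto' means the service starts at boot
            State     = $svc.State
            Compliant = ($svc.StartMode -eq 'Manual')
        }
        Write-Output $finding

        if ($Apply -and -not $finding.Compliant) {
            if ($PSCmdlet.ShouldProcess($svc.Name, 'Set StartupType=Manual and stop')) {
                Set-Service -Name $svc.Name -StartupType Manual
                if ($svc.State -eq 'Running') {
                    Stop-Service -Name $svc.Name -Force
                }
            }
        }
    }
}

# Report only:
Invoke-TeamViewerServiceAudit
# Remediate (supports -WhatIf through ShouldProcess):
# Invoke-TeamViewerServiceAudit -Apply
```

Because the function supports ShouldProcess, `Invoke-TeamViewerServiceAudit -Apply -WhatIf` shows what would change without touching the service; a manual-start service still starts when a user launches the application, which is the behaviour the alert asks for.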
The FBI alert also warns of the risk of using the Windows 7 operating system, which reached end-of-life on January 14, 2020.
“Continued use of Windows 7 increases the risk of cyber actor exploitation of a computer system” continues the alert. “Cyber actors continue to find entry points into legacy Windows operating systems and leverage Remote Desktop Protocol (RDP) exploits.”
The alert warns that cyber actors often use misconfigured or improperly secured RDP access controls to conduct cyber-attacks.
Below are the general recommendations provided by the FBI:
- Update to the latest version of the operating system (e.g. Windows 10).
- Use multiple-factor authentication.
- Use strong passwords to protect Remote Desktop Protocol (RDP) credentials.
- Ensure anti-virus, spam filters, and firewalls are up to date, properly configured and secure.
- Audit network configurations and isolate computer systems that cannot be updated.
- Audit your network for systems using RDP, closing unused RDP ports, applying multiple-factor authentication wherever possible, and logging RDP login attempts.
- Audit logs for all remote connection protocols.
- Train users to identify and report attempts at social engineering.
- Identify and suspend access of users exhibiting unusual activity.
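The recommendations to log RDP login attempts, audit remote connection logs, and identify users with unusual activity come together in a simple review of Windows Security events 4624 (logon) and 4625 (failed logon). The script below is an added example, not code from the FBI alert or from Security Affairs; the event objects, IP addresses, user names and the failure threshold are constructed for illustration, and the commented Get-WinEvent pipeline at the end shows how the same object shape would be built from a live Security log.

```powershell
# Added example (not from the FBI alert or the article): flag RDP logon activity
# worth reviewing. Input objects carry the fields parsed from 4624/4625 EventData.
function Find-RdpLogonAnomalies {
    param(
        [Parameter(Mandatory)] [object[]]$Events,
        [int]$FailureThreshold = 5   # failed attempts per source before flagging (assumed)
    )

    # Interactive RDP sessions log LogonType 10; with Network Level Authentication
    # enabled, failed RDP attempts are commonly recorded as LogonType 3 instead.
    $rdpTypes  = 10, 3
    $failures  = $Events | Where-Object { $_.Id -eq 4625 -and $rdpTypes -contains $_.LogonType }
    $successes = $Events | Where-Object { $_.Id -eq 4624 -and $_.LogonType -eq 10 }

    $results = @()

    # Many failures from one source address: password guessing against RDP
    foreach ($group in ($failures | Group-Object IpAddress)) {
        if ($group.Count -ge $FailureThreshold) {
            $results += [PSCustomObject]@{
                Finding   = 'RDP password guessing'
                IpAddress = $group.Name
                Count     = $group.Count
                Users     = (($group.Group.TargetUserName | Sort-Object -Unique) -join ',')
            }
        }
    }

    # A successful RDP logon from a source that was failing is the account to suspend and review
    $failingSources = $failures | Select-Object -ExpandProperty IpAddress | Sort-Object -Unique
    foreach ($s in $successes) {
        if ($failingSources -contains $s.IpAddress) {
            $results += [PSCustomObject]@{
                Finding   = 'RDP logon after failures'
                IpAddress = $s.IpAddress
                Count     = 1
                Users     = $s.TargetUserName
            }
        }
    }
    return $results
}

# Constructed sample events: six failures then a success from one address, and
# one unrelated successful session (addresses are documentation ranges).
$sample = @(
    1..6 | ForEach-Object {
        [PSCustomObject]@{ Id = 4625; LogonType = 3;  IpAddress = '198.51.100.7'; TargetUserName = 'operator' }
    }
    [PSCustomObject]@{ Id = 4624; LogonType = 10; IpAddress = '198.51.100.7'; TargetUserName = 'operator' }
    [PSCustomObject]@{ Id = 4624; LogonType = 10; IpAddress = '192.0.2.15';   TargetUserName = 'admin' }
)
Find-RdpLogonAnomalies -Events $sample | Format-Table -AutoSize

# On a live host (elevated prompt), build the same objects from the Security log:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625; StartTime = (Get-Date).AddDays(-1) } |
#   ForEach-Object {
#     $x = [xml]$_.ToXml(); $d = @{}
#     $x.Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
#     [PSCustomObject]@{ Id = $_.Id; LogonType = [int]$d.LogonType; IpAddress = $d.IpAddress; TargetUserName = $d.TargetUserName }
#   } | Find-RdpLogonAnomalies
```

With the sample input the function returns two findings for 198.51.100.7 (six failures, then a logon by the same account) and nothing for 192.0.2.15. Event 4625 is only written when failure auditing for Logon events is enabled, so the audit policy itself is the first thing to verify on the hosts being reviewed.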
[Source: SecurityAffairs / 2.14.]