TeamViewer has no place in a modern business – second breach in a year
MOVEit was reported yesterday, TeamViewer today: different attack paths, but both recidivist victims.
TeamViewer was a security risk even before the two breaches because, like any remote control software, it punches a hole right through all of an organisation's “defence in depth” or Zero Trust secure configurations and gets an attacker right to the computer operator's desk inside the org: no MFA needed, no IdP required, no centralised logs captured, and admin access to the heart of a business.
TeamViewer have published the relevant information but seem to have blocked search engines from indexing the breach notification. This should not be the behaviour of a company that takes security seriously. You can read more here, not much more mind you.
NOTE: Security can be enhanced for TeamViewer, but as with any tool of this nature, the tool can be installed and its settings changed so that no security is in place.
How to prevent Remote control tools being deployed
– Restrict administrative privileges
– Use application control (allow / block listing) with tools like: Delinea, CyberArk, Airlock, ThreatLocker, or Microsoft WDAC
– If you have a SASE solution, then block connections to these providers
– Review your automated software application inventory regularly
– Provide an alternative sanctioned method like: Entra Application Proxy, Azure Bastion or Azure Virtual Desktop access.
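For the inventory review step above, here is a sketch of an automated check (an added example, not from the original post) that scans an inventory export for remote control tools and skips approved exceptions. The CSV columns, host names, versions, the watch list beyond TeamViewer and the exceptions set are all assumptions constructed for illustration.

```python
import csv
import io
import re

# Assumed watch list of remote control products (only TeamViewer is named in the post).
REMOTE_TOOL_PATTERNS = {
    "TeamViewer": r"team\s*viewer",
    "AnyDesk": r"any\s*desk",
    "ScreenConnect": r"screen\s*connect|connectwise control",
    "Splashtop": r"splashtop",
    "LogMeIn": r"logmein|gotoassist",
}

# Constructed sample export; the column names are an assumed inventory schema.
SAMPLE_INVENTORY = r"""hostname,publisher,display_name,version,install_path
FIN-PC01,TeamViewer Germany GmbH,TeamViewer,15.0,C:\Program Files\TeamViewer
HR-LT07,,Team Viewer QuickSupport,15.0,C:\Users\jdoe\Downloads
OPS-PC03,Microsoft Corporation,Microsoft Edge,126.0,C:\Program Files (x86)\Microsoft\Edge
IT-JUMP01,AnyDesk Software GmbH,AnyDesk,8.0,C:\Program Files (x86)\AnyDesk
"""

def find_remote_tools(inventory_csv, exceptions=frozenset()):
    """Return one finding per inventory row that matches a watched tool.

    exceptions holds (hostname_lowercase, tool) pairs that were formally approved.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Match on publisher and display name together: either may be blank.
        text = f"{row['publisher']} {row['display_name']}".lower()
        host = row["hostname"].strip().lower()
        for tool, pattern in REMOTE_TOOL_PATTERNS.items():
            if re.search(pattern, text):
                if (host, tool) not in exceptions:
                    findings.append({
                        "host": host,
                        "tool": tool,
                        "version": row["version"],
                        # A copy under a user profile did not need admin rights to land.
                        "per_user": "\\users\\" in row["install_path"].lower(),
                    })
                break  # one finding per row is enough
    return findings

if __name__ == "__main__":
    for f in find_remote_tools(SAMPLE_INVENTORY):
        where = "per-user copy" if f["per_user"] else "machine-wide install"
        print(f"{f['host']}: {f['tool']} {f['version']} ({where})")
```

The `per_user` flag marks copies sitting in a user profile, which restricting administrative privileges alone would not have stopped; those are the cases application control has to catch.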
Further reading here:
You can reach out to me here