![](https://www.real-cyber.com/files/2023/03/ross_web-150x150.png)
TeamViewer
Even for the non techy the name may ring a bell. The popular remote access platform has been used by individuals and companies for nearly 20 years (initial release 2005).
The company is reporting that they detected a breach of their internal IT infrastructure with (supposedly) no immediate threat to the remote access platform. I hate to say it but we have heard this damage control verbiage several times over the past few months (think ATT) and were eventually told the truth. We know at least through subsequent reports that employee credentials were stolen including passwords. Hard to imagine this poses no threat to the production environment, or wont in the incredibly near future.
On a positive note Teamviewer did indicate that they plan on being transparent and releasing information as quickly as they have it. While also tagging the HTML breach notification as unindexable by major search engines thereby making it hard to find......but we can hope right?
I can hear my own tone on this post, its a tad snarky, and it probably shouldn't be. I am admittedly never anything but truly empathetic to the teams of engineers scrambling to clean these breaches up, patch security flaws and recover their operating environments. All respect to the engineers.
However, Teamviewer has a history of questionable security practices. With breaches in the past 10 years by both Chinese and Russian sponsored groups. In almost every case there is quite a bit of obfuscation, finger pointing and foot dragging on admitting what happened, how it happened, and who it put at risk. That being said.....I would be surprised if we are not in for the same situation this time around.
EVERY software is hackable, period.
Security in 2024 is about layers, redundancies, uncomfortable conversations, training your teams, having protocols, policies and procedures that you table top, field test and refine.
Its not what you want to do, but it is what you must do. Period.
Harden the Target, Stay Vigilant!
Reflections on article tagged below: