This week the FBI issued a Private Industry Notification (PIN) alert to warn companies about the risks of using out-of-date Windows 7 systems, poor account passwords, and the desktop sharing software TeamViewer.
The alert comes after the recent attack on the Oldsmar water treatment plant’s network, in which attackers tried to raise levels of sodium hydroxide by a factor of more than 100. The investigation into the incident revealed that operators at the plant were using out-of-date Windows 7 systems and poor account passwords, and that the attackers used the desktop sharing software TeamViewer to breach the plant's network.
“The attempt on Friday was thwarted. The hackers remotely gained access to a software program, named TeamViewer, on the computer of an employee at the facility for the town of Oldsmar to gain control of other systems, Sheriff Bob Gualtieri said in an interview,” reported Reuters.
The alert urges organizations to review internal networks and mitigate the risks posed by the above factors.
“Beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs),” states the FBI’s PIN alert. “TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.”
The FBI alert warns of the abuse of desktop sharing software like TeamViewer: threat actors could use it to access a target network once they have obtained the login credentials of its employees. Below are the recommendations provided by the alert:
TeamViewer Software Recommendations

For a more secured implementation of TeamViewer software:
The FBI alert also warns of the risk of using the Windows 7 operating system, which reached end-of-life on January 14, 2020.
“Continued use of Windows 7 increases the risk of cyber actor exploitation of a computer system,” continues the alert. “Cyber actors continue to find entry points into legacy Windows operating systems and leverage Remote Desktop Protocol (RDP) exploits.”
The alert warns of cyber actors often using misconfigured or improperly secured RDP access controls to conduct cyber-attacks.
Below are the general recommendations provided by the FBI:
(SecurityAffairs – hacking, FBI)