Benjamin Hosack

TeamViewer has been all over the news in the last few days, with “significant” numbers of TeamViewer clients venting on Reddit, Twitter and other social media channels. TeamViewer has denied that there has been a breach of their systems and has instead pointed to “mega-breaches” of social networks and to users reusing the same account credentials across multiple platforms. Coincidentally, Foregenix has recently completed a case study involving compromised TeamViewer credentials.

Time will tell if this is the case; however, TeamViewer has confirmed that they have seen significant numbers of accounts being taken over.

A leading footwear retailer in South Africa contacted Foregenix recently to assist with more specialized monitoring of their Point of Sale Systems – the reason being that they had become concerned about the numbers of merchants with integrated Point of Sale (POS) systems being hacked in South Africa, resulting in significant fraud losses and penalties from the card schemes. With alerts regularly coming out from their acquiring bank, they decided to enlist the assistance of the Foregenix team to help monitor their payment systems.

Interestingly enough, within two weeks of deploying Serengeti IR, our team picked up unusual activity on one of the POS systems – sure enough, the client’s TeamViewer account had been hacked and the attackers had loaded a new variant of NewPOSThings (not detected by the incumbent Anti-Virus/Anti-Malware solution) to begin harvesting payment data from the POS. Fortunately, with Serengeti IR monitoring and alerting, the Foregenix DFIR team immediately identified the attack and shut it down – no lost customer data and no leaked payment card data.

Needless to say, it was the first confirmed TeamViewer account compromise to come across our team (there have been a few other suspected "smoking guns", but none have been proven conclusively to be the result of TeamViewer credentials being compromised) – and we suspect it will not be the last. If you use TeamViewer in your business, we would advise implementing two-factor authentication and other appropriate controls for your business – as outlined in the TeamViewer blog.

If you would like to read a bit more about the above attack, please download our case study.


Benjamin Hosack

Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery - defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).
