Remote access tool TeamViewer has been exploited in new ransomware attacks to gain initial network access and deploy a LockBit-based ransomware encryptor, reports BleepingComputer.
A single threat actor attempted to compromise two endpoints via TeamViewer by deploying a DOS batch file on the desktop, which facilitated the execution of a DLL payload, although the infections were either contained or averted, according to a Huntress report. No ransomware operation has been officially associated with the intrusions, but researchers said that the payload resembled LockBit ransomware encryptors based on the exposed LockBit Black builder. Meanwhile, TeamViewer has attributed most unauthorized access cases to lapses in default security settings.
"This often includes the use of easily guessable passwords which is only possible by using an outdated version of our product. We constantly emphasize the importance of maintaining strong security practices, such as using complex passwords, two-factor-authentication, allow-lists, and regular updates to the latest software versions. These steps are critical in safeguarding against unauthorized access," said TeamViewer.