The remote login software acknowledged a ‘significant’ number of users have been hit by attacks involving stolen passwords
TeamViewer, which makes a popular remote-login software package, has said it will introduce new security features in response to a rash of reports of attackers using the platform to infiltrate users’ systems.
One of the features tightens controls on new devices accessing the service, while another forces a password reset if a user exhibits unusual behaviour.
The company said the attacks were the result of careless password management on the part of users, combined with several large-scale data breaches involving social networks including LinkedIn, MySpace, Tumblr and Fling.
The attackers used passwords made public following those breaches to take control of TeamViewer accounts that used the same password, the company said.
Users have reported their systems being made use of to carry out unauthorised bank and PayPal transfers and to cause other damage.
“We are appalled by the behaviour of cyber criminals, and are disgusted by their actions towards TeamViewer users,” the Göppingen, Germany-based firm said in an open letter to users. “They have taken advantage of common use of the same account information across multiple services to cause damage.”
The company said it does not itself store any password data.
TeamViewer hasn’t indicated the number of attacks, but has said the scale appears to be “significant”, something also suggested by the large number of reports of attacks by users on social media services including Reddit and Twitter.
While such attacks on users’ systems have occurred in the past, they have become much more frequent over the past few days, according to reports.
The spike occurs soon after the data stolen from LinkedIn and other sites – including more than 642 million passwords – went up for sale on black-market websites.
IBM computer security researcher Nick Bradley became one of the most recent to report a TeamViewer attack, saying he saw an intruder begin using his computer while he was in the middle of a gaming session.
Recalling that he had another system running TeamViewer, he found that the intruder was in the midst of exploring that computer, too.
“The attacker opens a browser window and attempts to go to a new web page,” Bradley wrote in a blog post. “As soon as I reach the machine, I revoke control and close the app. I immediately go to the TeamViewer website and change my password while also enabling two-factor authentication.”
Bradley, who manages IBM’s Cyber Threat Research and the X-Force Threat Analysis Group, said that in his case the attack appeared to be connected with the leak of LinkedIn passwords, and advised users not to reuse passwords between applications and systems.
“Had I not been there to thwart the attack, who knows what would have been accomplished?” he wrote.
Are you a security pro? Try our quiz!