Wednesday, March 3, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Following Oldsmar attack, FBI warns about using TeamViewer and Windows 7

February 11, 2021
in Internet Security
Following Oldsmar attack, FBI warns about using TeamViewer and Windows 7
587
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: ZDNet

In the aftermath of the Oldsmar incident, where an unidentified attacker gained access to a water treatment plant’s network and modified chemical dosages to dangerous levels, the FBI has sent out an alert on Tuesday, raising attention to three security issues that have been seen on the plant’s network following last week’s hack.

The alert, called a Private Industry Notification, or FBI PIN, warns about the use of out-of-date Windows 7 systems, poor passwords, and desktop sharing software TeamViewer, urging private companies and federal and government organizations to review internal networks and access policies accordingly.

You might also like

Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root

Google addresses customer data protection, security in Workspace

Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC

TeamViewer considered the point of entry

The FBI PIN specifically names TeamViewer as a desktop sharing software to watch out for after the app was confirmed as the attacker’s entry point into the Oldsmar water treatment plant’s network.

According to a Reuters report, officials said the intruder connected to a computer on the Oldsmar water treatment plant’s network via TeamViewer on two occasions last Friday.

In the second one, the attacker actively took control of the operator’s mouse, moved it on screen, and made changes to sodium hydroxide (lye) levels that were being added to drinking water.

While the operator reversed the changes the hacker made almost immediately, the incident became an instant point of contention and discussion among security professionals.

Among the most common point brought up in online discussions was the use of the TeamViewer app to access resources on US critical infrastructure.

In a Motherboard report published on Tuesday, several well-known security experts criticized companies and workers who often use the software for remote work, calling it insecure and inadequate for managing sensitive resources.

While the FBI PIN alert doesn’t take a critical tone or stance against TeamViewer, the FBI would like federal and private sector organizations to take note of the app.

“Beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs),” the FBI said.

“TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.

The FBI alert doesn’t specifically tell organizations to uninstall TeamViewer or any other type of desktop sharing software but warns that TeamViewer and other similar software can be abused if attackers gain access to employee account credentials or if remote access accounts (such as those used for Windows RDP access) are secured with weak passwords.

FBI warns about Windows 7 use… again

In addition, the FBI alert also warns about the continued use of Windows 7, an operating system that has reached end-of-life last year, on January 14, 2020, an issue the FBI also warned US companies about last year.

This part of the warning was included because the Oldsmar water treatment plant was still using Windows 7 systems on its network.

While there is no evidence to suggest the attackers abused Windows 7-specific bugs, the FBI says that continuing to use the old operating system is dangerous as the OS is unsupported and does not receive security updates, which currently leaves many systems exposed to attacks via newly discovered vulnerabilities.

However, a Cyberscoop report published today highlights the fact that the Oldsmar plant, along with many other US water treatment facilities are often underfunded and understaffed.

While the FBI warns against the use of Windows 7 for good reasons, many companies and US federal and state agencies might not be able to do anything about it, barring a serious financial investment into modernizing IT infrastructure from upper management, something that’s not expected anytime soon in many locations.

In these cases, the FBI recommends a series of basic security best practices as an intermediary way to mitigate threats, such as:

  • Use multi-factor authentication;
  • Use strong passwords to protect Remote Desktop Protocol (RDP) credentials;
  • Ensureanti-virus, spam filters, and firewalls are up to date, properly configured, and secure;
  • Audit network configurations and isolate computer systems that cannot be updated;
  • Audit your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts;
  • Audit logs for all remote connection protocols;
  • Train users to identify and report attempts at social engineering;
  • Identify and suspend access of users exhibiting unusual activity;
  • Keep software updated.

Credit: Zdnet

Previous Post

Amazon will support the USC to create a center for machine learning

Next Post

How Effectively Do B2B Marketing and Sales Cooperate?

Related Posts

Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root
Internet Security

Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root

March 3, 2021
Google addresses customer data protection, security in Workspace
Internet Security

Google addresses customer data protection, security in Workspace

March 2, 2021
Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC
Internet Security

Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC

March 2, 2021
Scientists have built this ultrafast laser-powered random number generator
Internet Security

Scientists have built this ultrafast laser-powered random number generator

March 2, 2021
SolarWinds security fiasco may have started with simple password blunders
Internet Security

SolarWinds security fiasco may have started with simple password blunders

March 2, 2021
Next Post
How Effectively Do B2B Marketing and Sales Cooperate?

How Effectively Do B2B Marketing and Sales Cooperate?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

An open-source machine learning framework to carry out systematic reviews
Machine Learning

An open-source machine learning framework to carry out systematic reviews

March 3, 2021
The Ways in Which Big Data can Transform Talent Management and Human Resources | by Amelia Jackson | Feb, 2021
Neural Networks

The Ways in Which Big Data can Transform Talent Management and Human Resources | by Amelia Jackson | Feb, 2021

March 3, 2021
Introducing Research Tuesdays: Tuesday’s daily brief
Digital Marketing

Introducing Research Tuesdays: Tuesday’s daily brief

March 3, 2021
Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root
Internet Security

Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root

March 3, 2021
Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware
Internet Privacy

Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware

March 3, 2021
The Effect IoT Has Had on Software Testing
Data Science

The Effect IoT Has Had on Software Testing

March 3, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • An open-source machine learning framework to carry out systematic reviews March 3, 2021
  • The Ways in Which Big Data can Transform Talent Management and Human Resources | by Amelia Jackson | Feb, 2021 March 3, 2021
  • Introducing Research Tuesdays: Tuesday’s daily brief March 3, 2021
  • Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root March 3, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates