Potential threats of using outdated Windows 7 systems, weak passwords, and desktop sharing software TeamViewer have been doing rounds since early 2020. In a Private Industry Notification (PIN), the FBI once again urged the federal government and private organizations to review their internal networks for any suspicious activities. The alert comes on the heels of a recent attack on the Oldsmar water treatment plant’s network in which attackers remotely accessed the software that controlled the chemicals used in treating the water before it is supplied to the city.
The agencies including the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) stated that cybercriminals exploited out-of-date Windows 7 systems, TeamViewer software, and weak account passwords of the operators at the plant to breach the network.
Threats with Remote Access Tools
The FBI stated that cybercriminals often target desktop sharing software like TeamViewer to perform social engineering and phishing attacks on unwitting users.
“Beyond its legitimate uses, when proper security measures aren’t followed, remote access tools may be used to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs). TeamViewer’s legitimate use, however, makes the anomalous activity less suspicious to end-users and system administrators compared to RATs,” FBI said.
For secured use of TeamViewer software, the agency recommended some security steps. These include:
- Do not use unattended access features, such as Start TeamViewer with Windows and Grant easy access.
- Configure TeamViewer service to manual start, so that the application and associated background services are stopped when not in use.
- Set random passwords to generate ten-character alphanumeric passwords.
- When configuring access control for a host, utilize custom settings to tier the access a remote party may attempt to acquire.
- Utilize the Block and Allow list which enables a user to control which other organizational users of TeamViewer may request access to the system. This list can also be used to block users suspected of unauthorized access.
Issues with Windows 7 OS
Microsoft ended the security updates and technical support for their Windows 7 Operating System on January 14, 2020. The FBI warned that enterprises running Windows 7 systems are vulnerable to getting hacked due to lack of security updates, making it difficult to defend against the persistent malicious activities of cybercriminals. “Cyber actors continue to find entry points into legacy Windows operating systems and leverage Remote Desktop Protocol (RDP) exploits,” FBI added.
Cyber Hygiene
The agency also recommended certain cyber hygiene measures to protect against the potential risks. These include:
- Update to the latest version of the Operating System (e.g., Windows 10).
- Use multi-factor authentication.
- Use strong passwords to protect Remote Desktop Protocol (RDP) credentials.
- Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.
- Audit network configurations and isolate computer systems that cannot be updated.
- Audit logs for all remote connection protocols.
- Train users to identify and report attempts at social engineering.
- Identify and suspend access of users exhibiting unusual activity.
The authorities also advised users, security admins, and organizations to report suspicious cybercriminal activities at www.fbi.gov/contact-us/field.
Related Story: Cybercriminals Attempt Poisoning Florida City’s Water Supply
