

FBI Warns of TeamViewer and Windows 7 Usage

Following the Oldsmar, Florida attack, in which an attacker gained remote access to a water treatment plant computer and modified one of the chemical additives to dangerous levels, the FBI has sent out an alert that draws attention to three possible security issues that contributed to the plant’s security incident. The alert, called a Private Industry Notification or FBI PIN, warns about the use of poor passwords, out-of-date Windows 7 operating systems, and the desktop sharing software TeamViewer. The alert urges companies and governmental agencies to review internal networks and access policies. The FBI PIN named TeamViewer as the entry point for the attack on the Oldsmar water treatment plant’s network. The attacker was able to access a water treatment control computer, take control of the mouse, move it on the screen, and change the levels of sodium hydroxide (lye) being added to the drinking water. Luckily, the plant operator was able to reverse the changes almost immediately. TeamViewer has been criticized by several well-known security experts, who have called it insecure and inadequate for managing sensitive resources. While the FBI PIN does not take a critical stance on TeamViewer, it asks all organizations to review how their remote access applications are configured, including the use of Multi-Factor Authentication and strong passwords.

In addition, the FBI alert warns about the use of Windows 7, which reached its end-of-life on Jan 14th, 2020. Because it has reached end-of-life, this version no longer receives security updates or stability updates from Microsoft. The warning was issued because the water treatment plant was still using Windows 7 on its network.

Analyst Notes

In the Oldsmar water treatment plant incident, the potential damage and danger were averted because an alert employee noticed that the attacker had accessed the computer and quickly put a stop to it. It is critically important that all critical systems be monitored 24 hours a day so that unusual and dangerous activity by any user account is recognized and investigated. While the FBI has not recommended that TeamViewer be removed, it is advisable to actively test the security configurations of all remote access software. There are several third-party penetration testing companies, such as our sister company TrustedSec, that can test the security systems on an organization’s network and provide recommendations on how to secure networks. Binary Defense provides managed security services with 24/7 monitoring of systems by our Security Operations Task Force. It is also advised that once an operating system has reached its end-of-life, as Windows 7 has, it be replaced with a newer, supported operating system as soon as possible.

Source Article: