How CCleaner Got Hacked...


509322

Thread author
Remember the great CCleaner hubbub?

Anyone remember the pages on top of pages of ridiculous nonsense posted about it across the forums?

Only recently have pertinent details been released - many months later.

In a word... TeamViewer.

SC Media

by Bradley Barth, Senior Reporter

April 24, 2018 CCleaner attackers gained access to app developer's network via TeamViewer


* * * * *

It just proves that initial reactions to the latest reports of this or that hack, exploit, malware or whatever the IT Security News is milking for every last click-bait are blown way, way out of proportion. People's reactions are irrational and the nonsense spouted flows like a wide and mighty river.
 
You do not need the TeamViewer service running at all and you should not have the TeamViewer process set to run at startup; just start it when you need it.
Besides, TeamViewer has introduced new features since people were actively hacked through it, like you need to authorize new devices via email.

the attackers used a VBScript (Microsoft Visual Basic Scripting Edition) file
What a shocker, WSH used to spread malware. :emoji_expressionless:
 
Here's the original Avast source because the one supplied in the scmagazine article doesn't work.

Recent findings from CCleaner APT investigation reveal that attackers entered the Piriform network via TeamViewer | Avast
To initiate the CCleaner attack, the threat actors first accessed Piriform’s network on March 11, 2017, four months before Avast acquired the company, using TeamViewer on a developer workstation to infiltrate. They successfully gained access with a single sign-in, which means they knew the login credentials. While we don’t know how the attackers got their hands on the credentials, we can only speculate that the threat actors used credentials the Piriform workstation user utilized for another service, which may have been leaked, to access the TeamViewer account.

It actually makes sense that TeamViewer was used as an attack vector considering its issues.

New TeamViewer Hack
 
You do not need the TeamViewer service running at all and you should not have the TeamViewer process set to run at startup; just start it when you need it.
That's my 1st rule when I install software.
If I don't use the software every day after installation, I go to services and set it to manual start.
There is no reason for me to see its service running at every system startup when I am not gonna use it.
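
Added example (not part of any post in this thread): a PowerShell sketch of the "set it to manual start" routine described above, which reports matching services that start automatically, switches them to Manual, and lists logon autostart entries. The `TeamViewer*` name pattern is an assumption; run it elevated, and with `-WhatIf` first to preview.

```powershell
# Added example: audit remote-access software that starts with the system
# and switch its service to Manual. The name pattern is an assumption.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$NamePattern = @('TeamViewer*')   # assumed service/display-name pattern
)

# 1. Services matching the pattern that are set to start at boot.
$services = Get-CimInstance -ClassName Win32_Service | Where-Object {
    $svc = $_
    $svc.StartMode -eq 'Auto' -and
    ($NamePattern | Where-Object { $svc.Name -like $_ -or $svc.DisplayName -like $_ })
}

foreach ($svc in $services) {
    Write-Output ("{0} ({1}): StartMode={2}, State={3}" -f `
        $svc.Name, $svc.DisplayName, $svc.StartMode, $svc.State)
    # -WhatIf / -Confirm are honoured here, so nothing changes during a preview.
    if ($PSCmdlet.ShouldProcess($svc.Name, 'Set startup type to Manual and stop')) {
        Set-Service -Name $svc.Name -StartupType Manual
        Stop-Service -Name $svc.Name -Force
    }
}

# 2. Run keys that relaunch the program at logon even when the service is Manual.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    # Skip the PSPath/PSProvider properties that Get-ItemProperty adds.
    $entries = (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }
    foreach ($entry in $entries) {
        if ($NamePattern | Where-Object { $entry.Name -like $_ -or $entry.Value -like "*$_" }) {
            Write-Output ("Autostart entry in {0}: {1} = {2}" -f $key, $entry.Name, $entry.Value)
        }
    }
}
```

Run-key entries are only reported, not removed, so they can be reviewed before being deleted by hand.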
 
This dude just removed TeamViewer from his computer!! :emoji_grimacing::emoji_hushed::emoji_fearful::emoji_expressionless::emoji_disappointed::emoji_cold_sweat:

:censored::censored::censored:
I removed TV 13 since it wasn't working on Linux after a clean install, so I removed it permanently. AnyDesk weighs in under 10MB and is quite a bit slicker than TV 13.
 
That's my 1st rule when I install software.
If I don't use the software every day after installation, I go to services and set it to manual start.
There is no reason for me to see its service running at every system startup when I am not gonna use it.

@tonibalas and @TairikuOkami That is what I do too. However, I don't use TeamViewer very much any more. Plus, I'd rather not keep it on my computer. TightVNC is a nice little program if anyone wants to use it. It does have to be local or through the use of a VPN to act like a local computer.

~Brian
 
It just proves that initial reactions to the latest reports of this or that hack, exploit, malware or whatever the IT Security News is milking for every last click-bait are blown way, way out of proportion. People's reactions are irrational and the nonsense spouted flows like a wide and mighty river.
Sounds precisely like WH trolling that has swept the country!
 