A few days back, several users experienced, what must have seemed like a scene straight out of a horror flick, their PCs automatically opening several windows, browser tabs & mouse pointer swerving across the screen trying to log in to Paypal.
Well if you also experienced something similar to this, don’t panic, no spirit possessed your PC. Chances are you might be a TeamViewer user and one of the several affected ones due to widespread hacking of TeamViewer accounts.
Majority of the users reported few days ago but some users also claimed experiencing such an attack as far as six months back. But even after the numerous reports, TeamViewer was adamant on not admitting it got hacked and instead blamed user’s poor password choices. Anyway, we are not here to judged if TeamViewer was at fault or not, but what we are concerned about is the potential of such an attack. When an attacker has direct control over your PC he/she can do damage in umpteen, dangerous ways.
TeamViewer might look like the main culprit here but removing it is not viable or logical. A single person’s account can also be hacked and other alternatives are also not one hundred percent attack-proof. Moreover, TeamViewer is a necessity to many to provide remote tech support to their family without dealing with ports & IP addresses. So we will look at some of the general precautions you can take to shield yourself from the such attacks.
Setting Master Password
Most of us have habit of storing passwords in our browsers. It is one of those habits where we choose convenience over safety. This habit will cost you, if you become victim of such attacks. An alternative is to use password manager (though they are also not immune to attacks), which is advisable, but if you absolutely don’t want to get out of your old habit, a master password gives one more layer of protection.
Chrome uses your Windows login password as master password, as default. For Firefox go to Settings > Security tab > Set Master Password, as shown above.
Setting up Secure Folder
This might sound non sequitur with the topic, but someone who has access to your computer can also go through your private stuff, copy it and distribute it. Setting up a password locked & encrypted folder, where you put all your sensitive files is a great way to thwart the intruder’s any such intentions.
If you are having a professional edition of Windows 8/8.1/10 you can use Bitlocker for the purpose while other users can choose from plenty of third party apps available. Some of the top ones of my head are AxCrpyt, Veracrypt & Symantec Endpoint Encryption.
Not Installing Remote Control Apps
Many popular remote apps, including TeamViewer, have an option to run the app instead of installing. So if you want to remote control for just one time it’s wise to just run the app. If you are not using any app and instead using RDP, then remember to disable RDP access after you are done.
Scanning for Malware
If you suspect something fishy has happened to your PC in your absence, a system wide anti-virus scan should be carried out. An intruder, if failed in finding anything useful, may install a keylogger or worse, ransomware. Even if Windows Defender gives a clean chit, which it does many times, a second scan should be done using some of the popular free anti-virus programs.
Checking Crucial Windows Settings
After scanning for malware & virus, next on the list should be important Windows settings. Check for any new Firewall rules, check for any unwanted apps by going to Control Panel > Uninstall a Program. If you want to achieve paranoid level checks, Regshot, for auditing registry & Windows built in file auditor are also there at your disposal.
Many of the users found out about unauthorized access through browser history, so it should be also checked as it can give vital clues as to what the intruder was trying to accomplish. Apart from this, any extensions and apps you don’t recognize should be removed.
Outside of the technical domain you should also go through your latest bank & credit card statements as well as Paypal, so you can promptly raise a refund claim for the Donald Trump life size cardboard standout.
Cool Tip: You can remotely control your PC as well as Mac remotely from your smartphone, learn the How-To.
Closing Thoughts: Be Really Safe
Hackers & Intruders have really upped their game. Earlier it was limited to mass-leak of login credentials of a certain site, but now it is right at our PC. After this whole affair, TeamViewer did release a statement and introduced trusted devices, but again they did not accept any wrong doing on their part. The intention of this write-up was to guide users in the event such an attack. So if you have any comments and thoughts, please do share with us.