Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

The ConnectWise cyberattack just got a whole lot worse

An abstract image of a lock against a digital background, denoting cybersecurity.

The recent ConnectWise cyberattack may have taken an unwanted turn for the worse after multiple security companies confirmed hackers are exploiting recently discovered flaws en-masse.

Last week, ConnectWise confirmed finding and patching two critical security vulnerabilities in its ScreenConnect product.

"Vulnerabilities were reported February 13, 2024, through our vulnerability disclosure channel via the ConnectWise Trust Center," ConnectWise warned in a security advisory.

Major campaign

At the time the advisory was issued, the company had no evidence of exploitation in the wild, “but immediate action must be taken by on-premise partners to address these identified security risks," it warned.

The two flaws are now tracked as CVE-2024-1709 (authentication bypass flaw), and CVE-2024-1708 (path traversal vulnerability). The bugs could be used to drop malware on vulnerable ScreenConnect instances (versions 23.9.7 and older), and steal sensitive data - all without requiring user interaction.

ScreenConnect is a remote access platform, allegedly used by more than one million companies around the world.

A company spokesperson told TechCrunch the majority of its clients (80%) use cloud-based environments which were patched within two days.

Now, security researchers Mandiant, WithSecure, Sophos, and Huntress, all confirmed mass exploitation of the flaw. Even some high-profile names, such as the LockBit ransomware gang, were confirmed to have been using the flaw to deploy droppers. 

Mandiant recently published a blog post saying it “identified mass exploitation." A few days later WithSecure observed “en-mass exploitation” from multiple groups using the flaws to drop password stealers, backdoors, and even ransomware

Huntress said it observed “a number of adversaries”, including LockBit, which was recently a target of a major international law enforcement operation.

It is yet impossible to determine exactly how many firms were affected by the flaws, but TechCrunch reported that more than one million SMBs managing over 13 million devices are ConnectWise customers. 

More from TechRadar Pro

  • ConnectWise remote access tool hacked — security pros are saying it is bad, so patch now
  • Here's a list of the best firewalls around today
  • These are the best endpoint security tools right now
Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.