Surge in Cyber Attacks, Including Ransomware, Observed Among ConnectWise Users

Instances of the ConnectWise ScreenConnect remote management platform are now under attack from cyber threats after a critical vulnerability in the service was disclosed. One individual using a leaked variant of LockBit ransomware is among those carrying out the attacks. The vulnerability, known as CVE-2024-1709, is easy to exploit and allows for authentication bypass. Another less severe but still dangerous issue, CVE-2024-1708, is also circulating. ConnectWise has released patches to address the vulnerabilities and users are advised to apply them immediately. As predicted, attacks are already occurring, with multiple instances of malware, Remote Access Trojans (RATs), infostealers, password stealers, and ransomware being used against vulnerable ScreenConnect servers. Users are urged to isolate vulnerable servers and clients, patch them, and look for signs of compromise. Action1, a patch management specialist, warns that thousands of instances could potentially be compromised. Cloud customers hosting ScreenConnect servers on certain domains are not affected. Approximately 9,000 vulnerable instances of ScreenConnect are exposed to the internet, with around 500 in the UK. Sophos emphasizes the need for users to go beyond patching and to proactively assess their exposure and investigate for potential malicious activity. ConnectWise has stated that the vulnerabilities have been swiftly addressed, with cloud partners automatically protected and on-premise customers urged to apply the provided patch. ConnectWise is committed to the security of its systems and will continue to address vulnerabilities promptly. At this time, there is no direct link established between the vulnerability and any security incidents.

Unlock your business potential with our expert guidance. Get in touch now!

Robot-bot-chatbot-AI.jpg

A Jobseeker’s Handbook: Leveraging AI and Its Implications for Employers

tr_20241220-top-software-development-technologies.jpg

8 Key Software Development Technologies to Watch in 2025

cloud-money-finance-investment-savings-adobe.jpg

AWS Provides Hackney Council with a Minimum 22% Discount on Cloud Services via OGVA 2.0

tr_20241219-eu-guidance-ai-privacy-laws.jpg

EU Provides Guidance for AI Developers on Compliance with Privacy Regulations

IT-sustainability-think-tank-hero.jpg

IT Sustainability Think Tank: Insights from 2024 and Key Priorities for 2025

AdobeStock_210063189.jpg

NVIDIA Unveils New Mini Developer Kit for Generative AI

technology-digital-ai-binary-adobe.jpeg

Digital Ethics Summit 2024: Understanding the Socio-Technical Aspects of AI