Experts Warn: ConnectWise Software Vulnerabilities Being Exploited in Large-Scale Cyber Attacks

Yellow Padlock Cyber Rating Getty
Security researchers say a pair of easy-to-exploit flaws in a popular remote access tool used by more than a million companies around the world are now being mass-exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data. ConnectWise first disclosed the flaws on February 19 and urged on-premise customers to install security patches immediately. Finnish cybersecurity firm WithSecure said in a blog post Monday that its researchers have also observed “en-mass exploitation” of the ScreenConnect flaws from multiple threat actors. It’s not yet known how many ConnectWise ScreenConnect customers or end users are affected by these vulnerabilities, and ConnectWise spokespeople did not respond to TechCrunch’s questions. The company’s website claims that the organization provides its remote access technology to more than a million small to medium-sized businesses that manage over 13 million devices.

Security Experts Warn: ConnectWise Vulnerabilities Being Exploited by Hackers to Deploy LockBit Ransomware

Ransomware Bugs Black Samuil Levich Getty
Security experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced that they had disrupted the notorious Russia-linked cybercrime gang. In a post on Mastodon on Thursday, Sophos said that it had observed “several LockBit attacks” following exploitation of the ConnectWise vulnerabilities. “Two things of interest here: first, as noted by others, the ScreenConnect vulnerabilities are being actively exploited in the wild. Rogers said that Huntress has seen LockBit ransomware deployed on customer systems spanning a range of industries, but declined to name the customers affected. The company’s website claims that the organization provides its remote access technology to more than a million small to medium-sized businesses.

** Warning: High-Risk Exploit of ConnectWise Vulnerability Poses Harm, Researchers Claim

Connectwise Flaw Huntress Security
Researchers warn high-risk ConnectWise flaw under attack is ’embarrassingly easy’ to exploit “I can’t sugarcoat it — this shit is bad," said Huntress' CEOSecurity experts are warning that a high-risk vulnerability in a widely used remote access tool is “trivial and embarrassingly easy” to exploit, as the software’s developer confirms malicious hackers are actively exploiting the flaw. The maximum severity-rated vulnerability affects ConnectWise ScreenConnect (formerly ConnectWise Control), a popular remote access software that allows managed IT providers and technicians to provide real-time remote technical support on customer systems. Cybersecurity company Huntress on Wednesday published an analysis of the actively exploited ConnectWise vulnerability. ConnectWise also released a fix for a separate vulnerability affecting its remote desktop software. The U.S. agencies also observed hackers abusing remote access software from AnyDesk, which was earlier this month forced to reset passwords and revoke certificates after finding evidence of compromised production systems.