ConnectWise Catastrophe: A Million Companies at Ransomware Risk Due to ‘Easy-Peasy’ Security Flaws!

ConnectWise Flaw Fiasco: Hackers hit the jackpot, exploiting ‘embarrassingly easy’ glitches to unleash ransomware havoc. Patch now or cry later!

Hot Take:

Well, isn’t this just a cybercriminal’s buffet? All-you-can-exploit vulnerabilities served on a silver platter by ConnectWise ScreenConnect! With a dash of ‘embarrassingly easy’ seasoning, attackers around the globe are having a field day with a duo of digital weaknesses that could make your IT support feel more like IT betrayal.

Key Points:

  • ConnectWise ScreenConnect’s two flaws, CVE-2024-1709 and CVE-2024-1708, are being mass-exploited by nefarious netizens.
  • These vulnerabilities are a hacker’s dream: CVE-2024-1709 is an authentication bypass, and CVE-2024-1708 is a path traversal that can lead to remote code execution.
  • Despite patches being available (ScreenConnect 23.9.7 and earlier are affected), thousands of self-hosted servers are still as exposed as a sunbather at a nudist beach.
  • Various threat actors are throwing a ransomware rave, and the invite list includes the LockBit ransomware gang and possibly a China-backed espionage group.
  • ConnectWise plays the elusive card, canceling interviews and steering clear of pesky questions about the digital debacle.

Title: Authentication bypass using an alternate path or channel
Cve id: CVE-2024-1709
Cve state: PUBLISHED
Cve assigner short name: cisa-cg
Cve date updated: 02/21/2024
Cve description: ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

Title: Improper limitation of a pathname to a restricted directory (“path traversal”)
Cve id: CVE-2024-1708
Cve state: PUBLISHED
Cve assigner short name: cisa-cg
Cve date updated: 02/21/2024
Cve description: ConnectWise ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker to execute remote code or directly impact confidential data or critical systems.
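The CVE-2024-1708 record only names the weakness class (CWE-22, a client-controlled path joined to a server directory without a containment check). The snippet below is an added illustration of that generic pattern and its hardened form; it is not ScreenConnect's code, and `BASE_DIR` and the request paths are constructed for the demo and say nothing about where the real flaw sits in the product. It also shows two half-fixes that still fail: a string-prefix test, and checking the path before URL-decoding it.

```python
"""Generic CWE-22 (path traversal) pattern beside a hardened check.

Added example, not ScreenConnect's or ConnectWise's code. BASE_DIR and every
requested path below are constructed for the demo.
"""
import os
from urllib.parse import unquote

BASE_DIR = "/srv/screenconnect-files"  # hypothetical server-side directory


def unsafe_resolve(base: str, requested: str) -> str:
    """The bug pattern: join the client's path to the base and trust it.

    '../' segments walk out of `base`, and if `requested` is absolute,
    os.path.join discards `base` entirely.
    """
    return os.path.normpath(os.path.join(base, requested))


def prefix_only_check(base: str, requested: str) -> bool:
    """Half-fix: a string prefix test. Still accepts a sibling directory whose
    name merely starts with `base` (e.g. base + '2')."""
    return unsafe_resolve(base, requested).startswith(base)


def is_contained(base: str, requested: str) -> bool:
    """Hardened check: resolve both sides (normalises '..', absolute paths and
    symlinks), then require the resolved candidate to have `base` itself as
    the longest common path, which a lookalike sibling directory fails."""
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, requested))
    return os.path.commonpath([base_real, candidate]) == base_real


def safe_resolve(base: str, requested: str) -> str:
    """Decode once, then enforce containment on the decoded value.

    Checking the raw request is the second half-fix: '..%2f..%2fetc%2fpasswd'
    contains no '/' and looks like a harmless filename until it is decoded
    later in the pipeline.
    """
    decoded = unquote(requested)
    if not is_contained(base, decoded):
        raise PermissionError(f"path escapes {base}: {requested!r}")
    return os.path.realpath(os.path.join(os.path.realpath(base), decoded))


if __name__ == "__main__":
    # Constructed requests: one legitimate, the rest traversal attempts.
    for req in ["report.txt", "../../etc/passwd", "/etc/passwd",
                "../screenconnect-files2/secret", "..%2f..%2fetc%2fpasswd"]:
        try:
            print(f"{req!r:35} -> {safe_resolve(BASE_DIR, req)}")
        except PermissionError as err:
            print(f"{req!r:35} -> REJECTED ({err})")
```

`is_contained` deliberately uses `os.path.commonpath` rather than `startswith`: the prefix test accepts `/srv/screenconnect-files2/secret` for a base of `/srv/screenconnect-files`, the common-path test does not.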

Need to know more?

Party at ScreenConnect's, and Everyone's Invited!

Imagine throwing a party and forgetting to close the front door. That's essentially what's happening at ConnectWise ScreenConnect's shindig. Mandiant's cybersecurity DJs are spinning the tale of mass exploitation of two vulnerabilities that are easier to use than a microwave. We're talking about a remote access tool so popular with IT departments and managed service providers that it's practically the fast food of IT support, and now the fries come with extra ransomware!

Patches? We Don't Need No Stinking Patches!

ConnectWise was quick to slap some patches on the problem, but a patch only helps where it's installed, and thousands of self-hosted ScreenConnect servers run by customers are still sitting on affected versions (23.9.7 and earlier). These digital dinosaurs are still roaming the web, and each one can manage more endpoints than you can shake a USB stick at, so a single unpatched server is a foothold into every machine it controls. Meanwhile, the Shadowserver Foundation is keeping count like a concerned neighborhood watch.
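The first thing to do with a fleet of self-hosted servers is to compare each one's version against the advisory's cut-off, and the classic mistake is to compare version strings lexically, which files 23.10.x as "older" than 23.9.7. The check below is an added example (not ConnectWise's tooling); the only fact it takes from the CVE records is the affected range, "23.9.7 and prior", and the host names and versions in `SAMPLE_INVENTORY` are constructed.

```python
"""Fleet check for ScreenConnect CVE-2024-1709 / CVE-2024-1708 exposure.

Added example, not ConnectWise's tooling. The affected range (23.9.7 and
prior) comes from the CVE records; the inventory below is constructed.
"""
from typing import NamedTuple

LAST_AFFECTED = (23, 9, 7)  # "23.9.7 and prior" per both CVE descriptions


class Host(NamedTuple):
    name: str
    version: str


# Constructed sample inventory (not real hosts), e.g. exported from an
# RMM/asset database; ScreenConnect versions may carry a 4th build number.
SAMPLE_INVENTORY = [
    Host("sc-msp01.example", "23.9.7"),
    Host("sc-msp02.example", "23.9.8.8811"),
    Host("sc-lab.example", "23.10.1"),
    Host("sc-old.example", "22.5.7"),
    Host("sc-new.example", "24.1.0"),
]


def parse_version(text: str) -> tuple:
    """Turn '23.9.8.8811' into (23, 9, 8, 8811) so comparison is numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable ScreenConnect version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when major.minor.patch is at or below 23.9.7 (build ignored)."""
    return parse_version(version)[:3] <= LAST_AFFECTED


def naive_string_check(version: str) -> bool:
    """The wrong way: lexical compare. '23.10.1' <= '23.9.7' is True because
    '1' sorts before '9', so a patched 23.10 server gets flagged and, worse,
    the same bug in reverse can hide an unpatched one."""
    return version <= "23.9.7"


def affected_hosts(inventory) -> list:
    """Names of hosts still on an affected version, in inventory order."""
    return [h.name for h in inventory if is_affected(h.version)]


if __name__ == "__main__":
    for host in SAMPLE_INVENTORY:
        print(f"{host.name:20} {host.version:12} affected={is_affected(host.version)}"
              f"  naive={naive_string_check(host.version)}")
    print("needs patching:", affected_hosts(SAMPLE_INVENTORY))
```

Only the first three components are compared, so a build suffix such as `.8811` neither hides an affected server nor mis-flags a fixed one; any version that fails to parse raises instead of silently passing as "not affected".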

Who's Behind the Mask?

While Mandiant plays coy by not naming names, WithSecure is also peeking through the curtains, observing a fiesta of foul play. They've spotted all the usual suspects: password pilferers, backdoor bandits, and even the occasional ransomware ruffian. The KrustyLoader backdoor makes a cameo, previously linked to a Chinese espionage group with a penchant for digital drama.

LockBit Lads Leap into the Fray

Sophos and Huntress, the Holmes and Watson of cybersecurity, have seen the LockBit gang exploiting the ConnectWise flaws. This comes fresh off the heels of a supposed smackdown of LockBit by international law enforcement, proving that you can't keep a good (or bad) ransomware gang down for long. Huntress adds that some attackers are even setting up crypto-mining rigs on compromised servers, because who doesn't love a side hustle?

The Sound of Silence from ConnectWise

ConnectWise seems to be taking a vow of silence, dodging interviews and questions like Neo dodges bullets. With over a million SMBs potentially at risk, the CISO is playing hard to get, leaving poor TechCrunch jilted at the altar. If you're feeling the sting of vulnerability, TechCrunch's Carly Page is ready to lend an ear, with all the secure contact methods you could ask for. Because when it comes to cybersecurity, it's always better to swipe right on safety.

Tags: authentication bypass, ConnectWise ScreenConnect, CVE-2024-1708, CVE-2024-1709, KrustyLoader backdoor, LockBit ransomware gang, path traversal vulnerability, ransomware exploitation