Numerous security firms have confirmed that hackers are taking advantage of newly identified vulnerabilities in large quantities, which may have caused the recent ConnectWise breach to unintentionally worsen.
ConnectWise verified in February 2024 that two serious security flaws in its ScreenConnect product had been identified and fixed.
In a security advisory, ConnectWise stated, “Vulnerabilities were reported February 13, 2024, through our vulnerability disclosure channel via the ConnectWise Trust Centre.”
Although there was no proof of exploitation in the wild at the time the advisory was released, the company cautioned that “immediate action must be taken by on-premise partners to address these identified security risks.”
The two vulnerabilities are currently being tracked under the names CVE-2024-1708 (path traversal vulnerability) and CVE-2024-1709 (authentication bypass fault). Without needing user input, the flaws might be leveraged to drop malware and steal confidential data from vulnerable ScreenConnect instances (versions 23.9.7 and older).
ScreenConnect is a remote access platform purportedly utilised by over a million businesses globally.
Some 80% of its clients use cloud-based settings, which were patched in two days, according to a firm spokeswoman who talked with TechCrunch.
Security researchers Huntress, WithSecure, Mandiant, and Sophos have now all confirmed widespread exploitation of the vulnerability. It was even proven that several well-known entities, like the LockBit ransomware group, have been utilising the vulnerability to distribute droppers.
In a recent blog post, Mandiant claimed to have “identified mass exploitation.” A few days later, WithSecure noticed that numerous parties were employing “en-mass exploitation” of the vulnerabilities to release ransomware, backdoors, and password stealers.
According to Huntress, it saw “a number of adversaries,” among them LockBit, which was lately the focus of a significant global law enforcement investigation.
Although the precise number of businesses impacted by the bugs is still unknown, TechCrunch stated that over a million SMBs in charge of over 13 million devices are ConnectWise users.