Security researchers have identified a significant threat to companies worldwide as a popular remote-access tool, ConnectWise ScreenConnect, is being mass exploited. The vulnerabilities in the software are being abused by hackers to deploy ransomware and steal sensitive data, posing a serious risk to over a million businesses globally.
Key Takeaway
ConnectWise ScreenConnect is facing mass exploitation of critical vulnerabilities, posing a significant risk to businesses globally. Immediate action is required to install security patches and mitigate the potential impact of these flaws.
Mass Exploitation of Vulnerabilities
Cybersecurity giant Mandiant has reported the mass exploitation of two critical flaws in ConnectWise ScreenConnect. The vulnerabilities, identified as CVE-2024-1709 and CVE-2024-1708, are being actively abused by threat actors to bypass authentication and remotely plant malicious code on vulnerable customer instances.
Immediate Security Patches Urged
ConnectWise disclosed the flaws on February 19 and urged on-premise customers to install security patches immediately. However, despite the advisory, thousands of servers remain vulnerable, leaving up to 150,000 customer devices at risk of exploitation.
Threat Actors Exploiting Vulnerabilities
Security researchers have identified various threat actors exploiting the vulnerabilities to deploy ransomware, conduct multifaceted extortion, deploy password stealers, back doors, and in some cases, cryptocurrency mining software. The extent of the impact on ConnectWise ScreenConnect customers and end users is not yet known.