ConnectWise Reveals Potential Government-Backed Cyberattack
ConnectWise Discloses Suspected State-Sponsored Hack
ConnectWise, a Florida-based, software provider, has recently disclosed a suspected state-sponsored hack that impacted ScreenConnect users.
Investigations are underway to confirm if an advanced persistent threat (APT) group is behind the cyber-attack, which exploited a high-severity ASP.NET vulnerability.
Overview of The Attack
The attacked unfolded when threat actors exploited a path traversal vulnerability identified as CVE-2019-18935 within the Telerik UI.
This high-severity ASP.NET vulnerability enables an attacker to execute arbitrary commands, leading to control over the ASP.NET application.
ScreenConnect users were then targeted by the attack, causing ConnectWise to disclose the security incident publicly.
The company quickly removed the software build containing the vulnerability to curb the attack.
The Impact of the Attack
ScreenConnect, now renamed ConnectWise Control, is a self-hosted remote desktop software solution widely used by IT departments and tech support teams.
In this incident, hackers exploited the vulnerability to potentially gain unauthorized access to sensitive corporate resources and data.
If the suspicion of state-sponsored hacking is confirmed, this underscores the critical need for organizations to keep all software patched and up-to-date to protect against known vulnerabilities.
The ConnectWise Response
Upon identifying the breach, ConnectWise swiftly initiated steps to mitigate the impact, starting by disabling the compromised software build.
In their official communication, ConnectWise underscored its commitment to providing a safe and secure environment for users.
They have also engaged a third-party forensics team to conduct a thorough investigation of the incident.
In response to this incident, the company is urging its customers to review their systems, apply patches where necessary, and adopt multi-factor authentication (MFA) for enhanced account security.
This breach proves once again the crucial role of timely patch updates, rigorous system checks, and advanced security measures in corporate risk management.
Cybersecurity Best Practices
While updates and patches help mitigate risks, organizations cannot afford to be complacent about cybersecurity.
The best defense against hacks and data breaches includes:
- Prompt application of patches and updates to close off revealed vulnerabilities.
- Implementation of multi-factor authentication to add an extra layer of security.
- Regular auditing and testing of IT infrastructures to identify and address potential vulnerabilities.
- Employee training programs to instil sound cybersecurity practices and to tackle phishing & social engineering attempts.
Follow-Up Reading
Here are a few reliable sources on similar topics:
