A recently released report states that some partners of ConnectWise, a prestigious security firm, have been affected by a severe ransomware infection. According to malware reverse engineering experts, the attack was made possible by an unpatched flaw in the company’s software. Soon after, the Florida-based company confirmed that a critical vulnerability in its ConnectWise Automate software was exploited to compromise its IT infrastructure.
According to malware reverse engineering experts, ConnectWise is a managed service provider (MSP), which means it provides remote consulting and support to thousands of customers or partners worldwide.
“We can confirm that a small portion of our partners were affected by this failure,” a ConnectWise spokesperson said Thursday night. The company added that it is tracking each individual case to determine the severity of the incident. ConnectWise security teams also announced the release of a fix and are advising administrators who have not implemented the required security measures.
However, malware reverse engineering specialists believe that the flaw disclosed by the company can be exploited through various methods. In other words, although ConnectWise has already released a fix, threat actors might find other attack vectors.
In this regard, Kyle Hanslovan, who provides a computer threat monitoring service for MSP firms, mentioned that multiple hacker groups are abusing this flaw to collect passwords from exposed ConnectWise Automate servers: “Hackers can extract this information from unpatched systems; there is no way to change a password in this implementation, so the risk of exploiting this failure has not been mitigated,” the expert says.
Meanwhile, Jason Slagle, vice president of one of the firms associated with ConnectWise, says his IT team considers this a really serious threat: “Although I have been assured that their best developers are working on this flaw, we send them some recommendations and approaches to address these flaws,” Slagle says.
ConnectWise assured its customers that the company's security mechanisms will be updated: “We are launching the project for the creation of additional communication channels to update partners on security bulletins and active risk mitigation steps,” the spokesman concluded.