Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn
Reading Time: 2 minutesSecurity experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced that they had disrupted the notorious Russia-linked cybercrime gang.
The flaws consist of two bugs. CVE-2024-1709 is an authentication bypass vulnerability deemed ’embarrassingly easy’ to exploit, which has been under active exploitation since Tuesday, soon after ConnectWise released security updates and urged organizations to patch. The other bug, CVE-2024-1708, is a path traversal vulnerability that can be used in conjunction with the other bug to remotely plant malicious code on an affected system.
In a post on Mastodon on Thursday, Sophos said that it had observed ‘several LockBit attacks’ following exploitation of the ConnectWise vulnerabilities.
‘Two things of interest here: first, as noted by others, the ScreenConnect vulnerabilities are being actively exploited in the wild. Second, despite the law enforcement operation against LockBit, it seems as though some affiliates are still up and running,’ Sophos said, referring to the law enforcement operation earlier this week that claimed to take down LockBit’s infrastructure.
Rogers said that Huntress has seen LockBit ransomware deployed on customer systems spanning a range of industries, but declined to name the customers affected.
LockBit ransomware’s infrastructure was seized earlier this week as part of a sweeping international law enforcement operation led by the U.K.’s National Crime Agency. The operation downed LockBit’s public-facing websites, including its dark web leak site, which the gang used to publish stolen data from victims. The leak site now hosts information uncovered by the U.K.-led operation exposing LockBit’s capabilities and operations.
The action, known as ‘Operation Cronos,’ also saw the takedown of 34 servers across Europe, the U.K., and the United States, the seizure of more than 200 cryptocurrency wallets, and the arrests of two alleged LockBit members in Poland and Ukraine.
It remains unknown how many ConnectWise ScreenConnect users have been impacted by this vulnerability, and ConnectWise declined to provide numbers. The company’s website claims that the organization provides its remote access technology to more than a million small to medium-sized businesses.
According to the Shadowserver Foundation, a nonprofit that gathers and analyzes data on malicious internet activity, the ScreenConnect flaws are being ‘widely exploited.’ The non-profit said Thursday in a post on X, formerly Twitter, that it had so far observed 643 IP addresses exploiting the vulnerabilities — adding that more than 8,200 servers remain vulnerable.
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG