ScreenConnect Vulnerabilities Signal Wake-Up Call for Service Providers

The disclosure by ConnectWise of vulnerabilities within its ScreenConnect channels last month sent shockwaves through the managed service provider (MSP) and managed security services provider (MSSP) communities.

The vulnerabilities, labeled as “critical,” sounded the alarm on the potential for large-scale cyberattacks through the misuse of remote monitoring and management (RMM) software by threat actors.

Given the widespread use of ScreenConnect, cybersecurity experts warned of possible significant impact during the incident, with over 1,600 vulnerable servers having been affected.

On-premise ScreenConnect users urged to act quickly

The vulnerabilities, identified as an “authentication bypass flaw” and “improper limitation of a pathname to a restricted directory,” opened the door for attackers to remotely access sensitive data and execute malicious code on vulnerable servers.

While the majority of the company’s cloud-based customer environments had been automatically patched once active exploitation had been confirmed, on-premise ScreenConnect users were urged to apply the provided security fix immediately.

Easy exploitation demands proactive measures

The severity of the ScreenConnect vulnerabilities, notably CVE-2024-1709 and CVE-2024-1708, extend far beyond last month’s exploitation. Security experts at Huntress warned that the flaws could lead to authentication bypass and path traversal issues, paving the way for cybercriminals to orchestrate massive supply chain attacks.

The ease with which trusted software like ConnectWise was exploited underscores the pressing need for proactive measures.

4 key takeaways for MSPs and MSSPs

The vulnerabilities within the ScreenConnect software pulled off the sheets on the potential for exposure in similar remote access tools that can easily be hacked. Organizations using ScreenConnect and other RMM tools are cautioned to remain vigilant and follow these best practices:

1. Pay close attention to issued security alerts and ensure timely software updates.
2. Strengthen monitoring protocols and cybersecurity measures to counter potential ransomware and supply chain attacks.
3. Collaborate with security experts to prioritize patching vulnerable systems and preventing exploitation.
4. Adopt a proactive security posture that addresses immediate threats, hardens the attack terrain, and drives security at scale.

The ScreenConnect incident serves as a stark reminder of the growing threat landscape MSPs and MSSPs face. With a concerted effort to prioritize security updates and adopt a proactive security stance, organizations can safeguard their systems and data against cyberattacks.

Former LulzSec hacker turned Principal Security Advisor Cody Kretzinger recently joined our Partner POV podcast and video series to discuss the current state of cybersecurity and how MSPs can protect their clients in 2024.