UPDATED 19:55 EDT / NOVEMBER 10 2019

SECURITY

ConnectWise warns customers of ongoing ransomware campaign

Remote IT management solutions firm ConnectWise LLC is warning customers that hackers are targeting its software to install ransomware.

Florida-based ConnectWise, acquired by Thoma Bravo for $1.5 billion in February, provides collaboration and management solutions to firms such as Liberty Technology Inc. The company’s Automate remote monitoring and management product is the specific target of those behind the attacks.

First notifying customers via Twitter on Nov. 7, ConnectWise said it was aware of “recent reports of malicious actors targeting open ports for ConnectWise Automate on-premises application to introduce ransomware.”

“Please ensure that your ports are not left open to the internet based on our best practices,” the company added. In a separate tweet, ConnectWise said that “in an effort to protect our partners, we will not publicly disclose the specific port that is being targeted. We are communicating with our impacted Automate on-premise partners and are happy to answer any questions offline.”

As Search Security pointed out, the company didn’t provide details such as when the attacks occurred, what type of ransomware was used, how many ConnectWise customers were targeted and whether any of the ransomware attacks were successful.

James Carder, chief information security officer and vice president at security operations provider LogRhythm Inc., told SiliconANGLE that criminals always look for the easiest way to break into an organization.

“In cases like ransomware, the goal is to use the initial access into the environment to move to and compromise as many systems as possible,” Carder explained. That way, he said, the attacker can rapidly inflict as much pain as possible, bringing the company to its knees and maximizing the attacker’s reward.

“The most obvious entry point that satisfies this scenario is an approved, privileged, understood, knowledgeable and centralized system used to manage a company’s computer systems,” Carder added. “If an attacker compromises that system, he gets unfettered access to the entire environment. Moreover, he can thwart many security operations teams. Installing software (since ransomware is nothing more than software) is likely standard operating procedure for that system, so it still appears to be acting normally.”
