
What You Need to Know About the ConnectWise ScreenConnect Critical Vulnerability


Corsica Technologies Clients Unaffected by this Vulnerability.

ConnectWise, a leading provider of software for MSPs (managed IT service providers), has discovered a significant vulnerability in their ScreenConnect application.

While Corsica Technologies does partner with ConnectWise, we do not use ConnectWise ScreenConnect. This means our clients don’t need to worry about this particular vulnerability.

In this article, we’ll provide some details for our customers, then look at the vulnerability in general terms. Here’s everything we know.

Details: What the ConnectWise ScreenConnect vulnerability means for our clients

1. Your organization is NOT vulnerable to this attack.

Rest assured your organization is not at risk given the vulnerabilities highlighted in recent news. We do not use the ScreenConnect product.

2. We continue to actively monitor cyber threats.

Corsica continues to proactively monitor and identify any cyber threats within your environment as well as our partner ecosystems. This is what we’re here for.

General details on the ConnectWise ScreenConnect vulnerability

While our customers don’t need to worry, this cybersecurity situation is evolving rapidly—and it has a massive potential impact.

ConnectWise ScreenConnect is an RMM (remote management and monitoring) solution that allows MSPs to access and manage clients’ systems from an offsite location. By design, it can support admin-level access to the machines under its care. This makes it the ideal entry point for hackers to execute a supply-chain attack—one in which they compromise an upstream system that gives them access to downstream systems.

On Monday, February 19, 2024, ConnectWise disclosed a critical vulnerability in on-premises instances of their ScreenConnect application. The company recommended that customers update their instances to version 23.9.8 or higher to mitigate the vulnerability.

The company also stated that they had remediated all cloud-hosted instances of ScreenConnect as of February 21, 2024.  

The potential impact of the ConnectWise ScreenConnect vulnerability

As of Friday, February 23, The Shadowserver Foundation reported that at least 8,200 vulnerable, on-premises instances of the platform were still exposed to the internet.

Since this software is used by MSPs, each exposed instance represents an unknown number of clients managed by that MSP. If we had to guess, we would estimate that thousands of downstream organizations are still in danger due to this vulnerability.

Unfortunately, ConnectWise can’t apply a patch to on-premises instances. That’s in the hands of the MSPs who manage those instances.

We’re hoping every MSP will jump on this ASAP, because industry analysts are already reporting active cyberattacks.

Active cyberattacks exploiting the ConnectWise ScreenConnect vulnerability

As of Friday, February 23, The Shadowserver Foundation reported 643 IPs launching attacks against this vulnerability.

In other words, this situation has received widespread attention in hacking communities. Any MSP using an on-premises instance of ScreenConnect should assume they are under attack—or will be soon.

If you are a client organization, find out ASAP whether your MSP uses ScreenConnect hosted on premises. If it does, assume you’re compromised until your MSP has verified that you aren’t.

What this vulnerability means for midmarket organizations

The ScreenConnect vulnerability is a painful reminder that “set it and forget it” doesn’t work in cybersecurity. Any system can become vulnerable at any time—whether hosted on premises or in the cloud.

Companies can avoid these dangerous scenarios through active, consistent monitoring of cyber threats.

But it’s not enough to monitor only the systems within your own environment. You also need assurances regarding the security of the ecosystems in which you interact with customers, partners, and vendors.

That’s a tall order for midmarket organizations. IT staff have their hands full with day-to-day operations, which leaves no bandwidth for continuous, proactive cybersecurity monitoring and remediation.

For these companies, IT outsourcing to an MSSP (managed security services provider) makes sense. You get access to an entire team of cybersecurity specialists for a fraction of the cost of hiring them in-house. But you have to make sure your MSSP actually remediates incidents. Many will only notify you, leaving the problem in your hands.

Here at Corsica Technologies, we believe notification alone isn’t enough. You deserve remediation too. That’s why we handle cybersecurity from top to bottom and offer our Cybersecurity Service Guarantee, which you won’t find anywhere else. If you’re concerned about your security, reach out to us today, and let’s discuss your future, secured.


Ross Filipek
Ross Filipek is Corsica Technologies’ CISO. He has more than 20 years’ experience in the cybersecurity industry as both an engineer and a consultant. In addition to leading Corsica’s efforts to manage cyber risk, he provides vCISO consulting services for many of Corsica’s clients. Ross has achieved recognition as a Cisco Certified Internetwork Expert (CCIE #18994; Security track) and an ISC2 Certified Information Systems Security Professional (CISSP). He has also earned an MBA degree from the University of Notre Dame.
