A recent cybersecurity alert issued by a major IT software organization had a chilling effect on manage service providers.
ConnectWise, the 38-year-old software outfit widely considered a “dominant force” in the industry, may not be a household name outside technology circles. But there’s a significant possibility that the professionals contracted to manage corporate IT are using ConnectWise products. That means flaws in the foundational software can create wide-reaching cybersecurity gaps.
“We are on high alert. Last week we saw a report of another MSP partner with indicators of compromise in their system, then this week a formal acknowledgment from ConnectWise has the whole community looking over their systems,” Steve King of Intelice Solutions reportedly said. “Groups like MSP Geek (mspgeek.com) have been critical in staying ahead of this news, with their Slack channel serving as a rallying point for hundreds of peers in the same situation.”
What Industry Leaders Need to Know About ConnectWise Vulnerability
Non-technology professionals need not understand the subtle insider details about how a problem with ConnectWise software can impact their seemingly unrelated business. In laymen’s terms, if a ConnectWise product can be used to deliver malicious software and your in-house or third-party specialist uses one or more items, that opens the door to penetrate your system.
One way to understand breaches via software is that they act somewhat like a backdoor for cybercriminals to walk through and steal digital assets. Managed IT experts are on heightened alert over the recent vulnerability report because ConnectWise delivers popular Cloud-based products. The company has also suffered credibility issues after previously failing to provide prompt transparency, according to IT experts.
“The communication from CW has been better than in the past, but we get the feeling there are a lot of holes left to plug,” King reportedly said. “Skilled adversaries are aware of these RMM systems and there are signs this recent threat is already being scanned for, after reviewing connection logs from as recent as today.”
ConnectWise came under fire after IT outsourcing giant Wipro was reportedly breached through a ConnectWise Control. The breach impacted 23 employee accounts and penetrated more than 100 customer endpoint devices. In 2020, at least eight vulnerabilities have been reportedly detected that include the following.
- Cross-Site Request Forgery
- Cross-Site Scripting
- Cross-Origin Resource Sharing Misconfiguration
- Remote Code Execution
- Information Disclosure
- User Enumeration
- Missing Security Headers
- Insecure Cookie Scope
“Using the vulnerabilities documented in this disclosure, it was possible to create an attack chain that begins with coercing a SaaS user to visit an attacker-controlled website and ends with the complete takeover of the victim's ConnectWise Control instance. This includes the ability to execute arbitrary code on the Control server as well as the ability to connect to any client machine connected to the victim's Control instance,” according to a security advisor.
ConnectWise Improves Transparency, Delivers Solution
Although industry leaders may be taken aback by what appears to be subpar software, managed IT experts generally agree that no product is immune to emerging threats. Users receive ongoing updates and patches to close gaps as they are revealed. The fact that ConnectWise has been forthcoming about this issue and offers quick solutions has been cause for measured confidence.
“It’s a step in the right direction that a private bug bounty program is in place, but that effort needs to bear fruit and not just be for show,” King reportedly said.
ConnectWise recently reported a pair of attempts to breach its on-premises Automate accounts. The software outfit sent out an alert to update and leverage multi-factor authentication security.
“Multi-Factor Authentication (MFA) is enabled by default in versions 2020.1 and higher for users logging in with local credentials,” Adam Rippon of Sydney Technology Solutions reportedly advised. “Before upgrading to version 2020.1 or later, email settings must be configured, and each user must have a unique and valid email address entered in their user profile. For more information, refer to Multi-Factor Authentication for Automate.”
To prepare to make this change, Rippon suggests taking the following steps.
“Configure Email Settings for your system. If you have not previously configured these settings because you are concerned about receiving too many notifications or are using a PSA integration, please refer to Control Ticket Messages for information on silencing notifications by turning off ticket messaging,” Rippon reportedly said. Go to “Navigate to System > Users and Contacts > Users and ensure that all users in your system have a unique and valid email address entered in their user profile.”
If your organization has invested in a Cloud-based footprint, business leaders may want to consider communicating with their managed IT specialist about the use of ConnectWise products and potential cybersecurity vulnerabilities. It’s critical to have the best defense possible to protect your digital assets and be able to sleep easy.
