The LockBit Ransomware is Being Spread Through a Vulnerability in the ConnectWise Remote Access Software

Cybercriminals are taking advantage of two serious vulnerabilities in the remote access software ConnectWise ScreenConnect to deploy the LockBit ransomware, indicating that the eponymous hacker group’s resources are still operational, to some extent.

Cybersecurity experts within the companies ‘Huntress’ and ‘Sophos’ have recently reported spotting LockBit attacks executed through vulnerabilities in the popular remote access software, ConnectWise ScreenConnect. The attackers are exploiting two vulnerabilities. The bug, labeled CVE-2024-1709, allows for authentication bypass and is considered unusually easy to exploit. Just last Tuesday, it was heavily exploited following the release of a software update by ConnectWise that patched the flaw and urged customers to install it. A second bug, labeled CVE-2024-1708, allows for the remote delivery of malicious code into a vulnerable system.

Experts underscore two main points. Firstly, ScreenConnect’s vulnerabilities are being actively exploited by cybercriminals. Secondly, despite law enforcement agencies from several countries launching operations to take them down, some of LockBit’s resources continue to operate. Law enforcement from various countries reported a large-scale operation earlier this week, which led to the shutting down of 34 servers in Europe, the UK, and the US, the confiscation of more than 200 cryptocurrency wallets, and the arrest of two alleged LockBit members in Poland and Ukraine.

Experts who detected this new wave of attacks say it’s difficult to attribute them directly to LockBit, as the group has a broad reach and an extensive partner network. It’s impossible to completely dismantle such a widespread and well-established network quickly, even within the scope of a substantial international operation. ConnectWise reportedly stated that there isn’t currently a mass deployment of the ransomware through its software. Yet, according to the non-profit organization Shadowserver Foundation, which tracks malicious internet activity, the software’s vulnerabilities continue to be exploited. Just one day ago, threats were emerging from 643 IP addresses, with more than 8200 servers remaining vulnerable.

This post was last modified on 02/24/2024

Harry Males: Hey there, I'm Harry Males, your go-to news writer at Dave's iPAQ, where I traverse the intricate landscape of technology, reporting on the latest developments that shape our digital world. With a pen in hand and a passion for all things tech, I dive deep into the realms of Software, AI, Cybersecurity, and Cryptocurrency to bring you the freshest insights and breaking news. Artificial Intelligence is not just a buzzword for me – it's a captivating realm where machines mimic human intelligence. From the wonders of machine learning to the ethical considerations of AI, I'm dedicated to keeping you informed about the advancements that are reshaping industries and everyday life. Beyond the bylines and breaking news, I believe in fostering a community of tech enthusiasts. Whether it's engaging in discussions on forums, attending tech conferences, or sharing insights on social media, I aim to connect with readers who share a passion for the ever-evolving world of technology.