ConnectWise alerts on remote desktop phishing campaign


MSP technology platform provider ConnectWise this week warned of a new sophisticated phishing campaign that could provide unauthorised access to its Control remote desktop software application.

ConnectWise Control is a software application that lets remote workers and IT teams connect to remote endpoints operating with Windows, MacOS, ChromeOS, Linux and Unix, and nearly every major browser.

“We are aware of a phishing campaign that mimics ConnectWise Control New Login Alert emails and has the potential to lead to unauthorised access to legitimate Control instances.”

“We know email phishing attacks continue to get more sophisticated, mirroring legitimate email and web content,” ConnectWise wrote in the advisory.

As part of the advisory, ConnectWise also provided a link to a security alert checklist of how to respond in case of a suspicious security email alert.

It also provided a separate link to the ConnectWise Control security guide.

The possibility of a phishing attack is always serious, said Patrick Beggs, ConnectWise chief information security officer.

In the case of the latest warning, it is just an alert to be careful when using ConnectWise Control and not a flaw, Beggs told CRN.

“There have been no successful attacks to our knowledge,” he said.

“We are seeing an uptick in activity, so we wanted to get good information out there and make sure people are diligent and aware. I spent years in government.

“We probably over-communicate,” Beggs said.

The ConnectWise Control advisory comes just weeks after Ken Pyle, a researcher with Philadelphia-based cybersecurity firm CYBIR, last month discovered an actual flaw in ConnectWise that would allow attackers to take remote control over a user’s system if a user clicked on a link in a phishing attack, according to security news site Krebs On Security.

Beggs said that the researcher reached out to ConnectWise to identify the issue, after which ConnectWise pushed out a patch.

“We work with the research community all the time,” he said.

Beggs, after the October flaw was discovered, said that “ConnectWise takes the security of our products and our partners very seriously.”

“We truly appreciate any and all information, regardless of the level of detail, that our community can provide to help us continually improve our products and services,” he added.

ConnectWise released Control versions 22.8.10013 and 22.9.10032 to mitigate the URL manipulation as reported by the security researcher.

These builds were publicly released within a week of receiving the researcher’s initial report.

The current vulnerability follows a flaw found in October this year that could allow for remote code execution in ConnectWise R1Soft servers.

Approximately 5000 R1Soft servers were at risk, according to security researchers at Huntress.

Copyright © 2018 The Channel Company, LLC. All rights reserved.