Worried about Cloud Security? Why On-Premise is More Dangerous
Attackers Targeting On-Premise Software
Remote IT management solutions firm ConnectWise is warning its customers that hackers are targeting its on-premise software to gain access to client networks and install ransomware.
First notifying its customers via Twitter on November 7, ConnectWise said it was aware of “recent reports of malicious actors targeting open ports for ConnectWise Automate on-premises application to introduce ransomware…Please ensure that your ports are not left open to the internet based on our best practices.”
In a separate statement, ConnectWise said that “in an effort to protect our partners, we will not publicly disclose the specific port that is being targeted. We are communicating with our impacted Automate on-premise partners and are happy to answer any questions offline.”
The company recommends that customers visit a support page and follow the steps provided to secure their on-premise Automate implementations and prevent the attacks. These steps involve closing Automate ports exposed to the internet.
Reaction to the Attacks
Some customers who received this information were confused and wanted to know more, such as which ports were being exploited and what type of attacks were involved. One such user pointed out that the support page appears to contradict itself by telling customers to open the ports and then to close them.
That exact document you are linking to STILL says to open up a boatload of ports, and in a single sentence says to open up 3306 and later says not to, while not saying if TCP/UDP either... It's frankly not clear and some would open up everything in that doc I bet. — Brian Martin (@exr90) November 8, 2019
ZDNet asked ConnectWise for additional details about the attacks, but the company did not respond. ZDNet went on to state that knowing which ports the attackers are targeting, the types of attacks they are launching, or the type of ransomware they are attempting to install would help many companies take preventative measures.
This would be the second time this year that attackers have targeted ConnectWise to penetrate its customer networks and deploy ransomware. In February, a malicious group exploited an outdated plugin for ConnectWise Manage to deploy versions of the GandCrab ransomware on the networks of more than 100 companies, stated ZDNet.
Instead of taking a huge risk by hosting an IT management solution on-premise, and forking out more capital for additional assets to host it on, leverage a fully cloud-based solution where every connection is encrypted end-to-end.