Uncategorized

ConnectWise ScreenConnect Mass Exploitation Delivers Ransomware

Hundreds of initial access brokers and cybercrime gangs are jumping on the max-critical CVE-2024-1709 authentication bypass, threatening orgs and downstream customers.
BY Tara Seals, Managing Editor, News, Dark Reading February 23, 2024

Just days after initial exploitation reports started rolling in for a critical security vulnerability in the ConnectWise ScreenConnect remote desktop management service, researchers are warning that a supply chain attack of outsized proportions could be poised to erupt.

Once the bugs are exploited, hackers will gain remote access into “upwards of ten thousand servers that control hundreds of thousands of endpoints,” Huntress CEO Kyle Hanslovan said in emailed commentary, opining that it’s time to prepare for “the biggest cybersecurity incident of 2024.”

ScreenConnect can be used by tech support and others to authenticate to a machine as though they were the user. As such, it could allow threat actors to infiltrate high-value endpoints and exploit their privileges.

Even worse, the application is widely used by managed service providers (MSP) to connect to customer environments, so it can also open the door to threat actors looking to use those MSPs for downstream access, similar to the tsunami of Kaseya attacks that businesses faced in 2021.
ConnectWise Bugs Get CVEs

ConnectWise disclosed the bugs on Monday with no CVEs, after which proof-of-concept (PoC) exploits quickly appeared. On Tuesday, ConnectWise warned that the bugs were under active cyberattack. By Wednesday, multiple researchers were reporting snowballing cyber activity.

The vulnerabilities now have tracking CVEs. One of them is a max-severity authentication bypass (CVE-2024-1709, CVSS 10), which allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices. It can be paired with a second bug, a path-traversal issue (CVE-2024-1708, CVSS 8.4) that allows unauthorized file access.
Initial Access Brokers Ramp Up Activity

According to the Shadowserver Foundation, there are at least 8,200 vulnerable instances of the platform exposed to the Internet within its telemetry, with the majority of them located in the US.

“CVE-2024-1709 is widely exploited in the wild: 643 IPs seen attacking to date by our sensors,” it said in a LinkedIn post.

Huntress researchers said a source within the US intelligence community told them that initial access brokers (IABs) have started pouncing on the bugs to set up shop inside various endpoints, with the intent of selling that access to ransomware groups.

And indeed, on one instance, Huntress observed cyberattackers using the security vulnerabilities to deploy ransomware to a local government, including endpoints likely linked to 911 systems.

“The sheer prevalence of this software and the access afforded by this vulnerability signals we are on the cusp of a ransomware free-for-all,” Hanslovan said. “Hospitals, critical infrastructure, and state institutions are proven at risk.”

He added: “And once they start pushing their data encryptors, I’d be willing to bet 90% of preventative security software won’t catch it because it’s coming from a trusted source.”

Bitdefender researchers, meanwhile, corroborated the activity, noting that threat actors are using malicious extensions to deploy a downloader capable of installing additional malware on compromised machines.

“We’ve noticed several instances of potential attacks leveraging the extensions folder of ScreenConnect, [while security tooling] suggests the presence of a downloader based on the certutil.exe built-in tool,” according to a Bitdefender blog post on the ConnectWise cyber activity. “Threat actors commonly employ this tool … to initiate the download of additional malicious payloads onto the victim’s system.”

The US Cybersecurity and Infrastructure Security Agency (CISA) has added the bugs to its Known Exploited Vulnerabilities catalog.
Mitigation for CVE-2024-1709, CVE-2024-1708

On-premises versions up to and including 23.9.7 are vulnerable — so the best protection is identifying all systems where ConnectWise ScreenConnect is deployed and applying the patches, issued with ScreenConnect version 23.9.8.

Organizations should also keep a lookout for indicators of compromise (IoCs) listed by ConnectWise in its advisory. Bitdefender researchers advocate monitoring the “C:\Program Files (x86)\ScreenConnect\App_Extensions\” folder; Bitdefender flagged that any suspicious .ashx and .aspx files stored directly in the root of that folder may indicate unauthorized code execution.

Also, there could be good news on the horizon: “ConnectWise stated they revoked licenses for unpatched servers, and while it’s unclear on our end how this works, it appears this vulnerability is still a major concern for anyone running a vulnerable version or who did not patch swiftly,” Bitdefender researchers added. “This is not to say ConnectWise’s actions aren’t working, we’re unsure of how this played out at this time.”

Article ( https://www.darkreading.com/remote-workforce/connectwise-screenconnect-mass-exploitation-delivers-ransomware?_mc=NL_DR_EDT_DR_weekly_20240229&cid=NL_DR_EDT_DR_weekly_20240229&sp_aid=121742&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=52262)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishline Training
“Where Service and Technical Skills Count”

Bitdefender releases MDM protection finally Gravity Zone Portal

Security for Mobile is a cloud-only mobile security solution able to protect mobile devices with Android or iOS operating systems against multiple threat vectors.

  • Features:
  • Advanced malware detection – safeguards mobile devices from a broad variety of threats by offering comprehensive malware detection capabilities.
  • Phishing protection – analyses incoming messages and detects any malicious links or content that could be used to acquire sensitive data or credentials.
  • Network security – offers an extensive set of tools for protecting mobile devices against a variety of network-based hazards. It helps assure the security and integrity of mobile devices in the current threat landscape by monitoring network traffic, providing secure connectivity, and detecting and preventing attacks.·
  • Compliance and policy enforcement – assist organizations in protecting their mobile devices from a variety of threats and ensuring that they are used securely and compliantly by making sure that all applications are properly vetted.
  • Mobile threat intelligence – provides users the real-time security and analytics they need to protect their mobile devices from a variety of threats.
  • Integration with mobile device management (MDM) solutions – enhances mobile security features. Because of the integration, enterprises may install the mobile threat defense solution using their existing MDM infrastructure. The integration also enables mobile device security policies to be enforced automatically.
  • Web content filtering – warns and prevent users from accessing potentially harmful websites and links, such as malware, phishing, botnets, and suspicious domains, or websites that violate your organization’s standards.
  • Are you an ISP, MSP, VAR or reseller?
  • All MspPortal Partners currently can be provisioned upon request, pricing is very aggressive tier pricing available no contract, just monthly usage.
  • Contact Us

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Axcient

“Where Service and Technical Skills Count”

MspPortal Partners Steps up with a Major Purchase

Most everybody know MspPortal Partners supplies security software at wholesale price’s
We now have added Total Email Protection with Barracuda
This allows us to offer 3 different flavors at wholesale pricing.
1) Advanced Email Protection-
Combine email gateway and artificial intelligence to block threats Ensure protection against all 13 email threat types. Automatically remediate post-delivery email threats.

2) Complete Mail Protection-
Includes everything from Advanced. Backs up all O365 and Gsuite components off the O365 and Gsuite Servers

3) Total Mail Protection-
Includes everything from Premium. Protect and restore your Microsoft 365 data. Protect your Microsoft 365 applications from lateral attacks. Plus Phisline-Sentinal

You will be provided as normal up to 3rd level support which puts MspPortal Partners on top of the distributors in the Security Software Arena.
We have 24x7x365 support
Working hours are M-F 7:30am- 5pm MST/Arizona
Coming soon this month will be bundle pricing Mail Filtering (Barracuda), RMM (Barracuda), Antivirus/Antimalware (Bitdefender) this will ensure all Partners and there Customers are protected at all times.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Microsoft 365 outage knocks down admin center in North America

By Sergiu Gatlan July 28, 2022 01:12 PM 0

Microsoft is investigating an ongoing incident impacting administrators in North America who report seeing blank pages and 404 errors when trying to access the Microsoft 365 admin center.

This outage could affect any admin in North America, as the company revealed on the Microsoft 365 Service health status page.

“The majority of affected admins report that a blank page renders when attempting to access the admin center, and no perceivable error message is presented,” Microsoft said.

“A limited number of admins report that a 404 error or ‘Loading chunk (number) failed’ is shown intermittently.”

Redmond is working on discovering the issue that triggered this incident and trying to find a potential fix to address its impact on North American admins.

“We’re reviewing networking data to determine the source of impact, as well as determining if a potential fix is available to remediate impact,” the company added.

We’ve received reports from some admins in North America that they’re unable to access the Microsoft 365 admin center. Additional information can be found at https://t.co/lbjX5hSWLp or under MO406459 in the Microsoft 365 admin center.
— Microsoft 365 Status (@MSFTExchange Online, Outlook365Status) July 28, 2022

Today’s incident follows a massive outage that hit multiple Microsoft 365 services with Teams integrations last week.

As the company revealed in a preliminary post-incident report, last week’s outage was triggered by a faulty Enterprise Configuration Service (ECS) deployment that triggered cascading failures and availability impact worldwide.

Exchange Online and Outlook were hit by a second outage that prevented customers from signing into their accounts and accessing and receiving emails.

Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-knocks-down-admin-center-in-north-america/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

Per Bitdefender “Managed services provider hosts the most in endpoint security”

MspPortal Partners simplifies and strengthens security in the cloud:

MspPortal Partners is a managed services provider (MSP) for internet service providers, resellers, value added
resellers and other MSPs. The company delivers comprehensive endpoint security, secure email, and networking in an OEM
arrangement with major manufacturers, hosted in a multitenant cloud environment.

An MSP takes on considerable responsibility by hosting critical business services for its
clients. That responsibility is multiplied when you’re the MSP for hundreds of other service
providers. Such a responsibility requires absolute confidence and trust in the solutions you
provide. Just ask MspPortal Partners.
This innovative MSP supports hundreds of MSPs, ISPs and resellers with everything they
need to offer their customers robust business solutions, such as endpoint security. MspPortal
Partners’ success is built on providing delivery and support services of the highest quality to
its clients.

Bitdefender Cloud Security for MSPs enables MspPortal Partners to deliver comprehensive
endpoint security services, including built-in firewall protection with intrusion detection,
content filtering and advanced antimalware and antivirus capabilities. The solution also gives
MspPortal Partners a multitenant dashboard for granular client specific policy management,
extensive reporting, and easy deployment of endpoint protection to multiple clients.

MspPortal Partners’ reputation for delivering reliable, economical, easy-to-manage endpoint
security has helped the company attract more than 76 new resellers in six months. And by
reselling Bitdefender Cloud Security for MSPs, these service provider customers also have
increased their revenue streams 33-40 percent. Not surprisingly, customer loyalty to MspPortal
Partners is also strong.

MspPortal Assisted a reseller to Deployed security to 52,000
endpoints in three days at 26 different school sites

Bitdefender-Business-CaseStudy-Msp-Portal-Partners

MspPortal Partners will be offering to all partners a Bitdefender Gravity Zone Policy review and update

MspPortal Partners

Will be offering to all partners a Bitdefender Gravity Zone Policy review and update

Free of charge

This will only be offered to MspPortal Partners for a limited time through the middle of October 2021 on Tuesdays and Thursdays from 8 am to 11:30 am MST/NO DST

If you are not one of the 425 partners you are more than welcome to change out your existing Distributor/Partner

Existing partners and new partners are welcome go to the website www.mspportalpartners.net and fill out the contact form

MspPortal Partners specializes in Bitdefender Gravity Zone Malware protection

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Bitdefender / Distributor

“Where Service and Technical Skills Count”

Little about MspPortal Partners and Bitdefender relationship

1) We do 1,2,3 line tech support for Bitdefender Gravity Zone we average 60 tech cases a week just on 1 and 2nd level support we typically solve our case load within 15-30 minutes
2) We do the hands on Training (1 hour) no power point live. When we are done you can start selling that day. We write a default policy that will keep you out of trouble and avoid Crypto. We also do a lot of Bitdefender’s beta work. Helps us to be better service to you
3) We do the licenses (reality we just keep your bucket full so it’s nothing more than adding more licenses when needed (just send an email to us) You only pay for what you use/install
4) Last we do the invoicing 2nd of the month we make sure you receive a report of the breakdown for your billing on the first. for the prior month (arrears)
5) The reality is even though we are a distributor we are really a VAD value add we work for a living 😉
6) Techs since 1994 when Roy Miehe started this firm

We will be glad to answer any questions you may have and also share some best practices with you.

Bitdefender has a great program with solutions specifically tailored for MSPs..

With Barracuda Advanced Threat Protection

With Barracuda Advanced Threat Protection
MspPortal Partners blocked 767 Infected attachments in the last 24 hours protecting our partners clients from becoming/getting infected. Thousand of dollars were saved in mitigation costs

Scan Description the file was scanned by the Barracuda Advanced Threat Protection (ATP) service. ATP scans for malware, zero-day exploits, and targeted attacks not detected by other virus scanning features or the intrusion prevention system. ATP analyzes files in a secure cloud environment and makes an overall determination once scanning is complete.

Most of the blocked emails were Microsoft: docx, xlsm , xlsx, pdf, exe and rar

MspPortal Partners is a leader in providing security software to the Tech Community at better then wholesale pricing , service and support

Experienced Support for Advanced Ransomware Threats

When it comes to your personal or business cybersecurity, you need solutions that you can trust. You need partners and suppliers that exude confidence. This trust comes from experience; a proven history of working with and protecting organizations like yours against all types of cybersecurity threats, from malware to phishing attacks, simple spam to ransomware.

In today’s environment of advanced threats, you need a firm such as MspPortal Partners to assist you in protecting your business, and or your personal computer. MspPortal has more than 400 tech firms and 2,000 techs on the ground, and we work with the leading endpoint security solution providers in the industry.

On February 5th, the National Cyber Investigative Joint Task Force (NCIJTF) released a joint-sealed ransomware factsheet to address current ransomware threats and provide information on prevention and mitigation techniques. The factsheet was developed by an interagency group of subject matter experts from more than 15 government agencies to increase awareness of the ransomware threats to police and fire departments; state, local, tribal, and territorial governments; and critical infrastructure entities.

To reduce the risk of public and private sector organizations falling victim to common infection vectors like those outlined in the NCIJTF factsheet, CISA launched the Reduce the Risk of Ransomware Campaign in January 2021 to provide informational resources to support organizations’ cybersecurity and data protection posture against ransomware. Please download and read the PDF. Direct PDF Ransomware_Fact_Sheet

 

The NCIJTF fact sheet outlines five best practices to minimize ransomware risks.

  1. Backup your data, system images, and configurations, test your backups, and keep the backups offline
  2. Utilize multi-factor authentication
  3. Update and patch systems
  4. Make sure your security solutions are up to date
  5. Review and exercise your incident response plan

At MspPortal Partners, we supply one, two and even three (when needed) in typically 1-2 hours either by email or a direct call we are here to be of service.

Our technology solutions include Bitdefender, which leads the market in malware protection. There are a lot of firms that use extreme marketing dollars to profess to be the best, but in industry antivirus comparisons and reviews, Bitdefender is always is on top. All resellers and distributors that work with Mspportal Partners are trained by Roy Miehe, a top trainer and antivirus professional that has worked in the anti-virus industry since 1996, and as a tech since 1994, working on many beta Microsoft products. He has propelled MspPortal Partners to a leading MSPs working only with the best-of-breed solutions.

Please take the time to send a note (Contact page link) over and we will find the best tech firm for your needs. MspPortal offers a number of technology services, in addition to security solutions.