ScreenConnect servers hacked in LockBit ransomware attacks

February 22, 2024 at 01:35PM

Attackers are exploiting a severe authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware. ConnectWise released security updates, including a patch for a high-severity path traversal flaw. Both bugs impact all ScreenConnect versions. CISA ordered U.S. federal agencies to secure servers within a week. Operation Cronos dismantled LockBit’s infrastructure, leading to arrests and indictments.

The meeting notes describe a significant security threat involving the exploitation of vulnerabilities in ScreenConnect servers to deploy LockBit ransomware. The CVE-2024-1709 authentication bypass vulnerability and the high-severity CVE-2024-1708 path traversal vulnerability have been actively exploited, prompting ConnectWise to release security updates. Additionally, CISA has issued an order to secure servers affected by CVE-2024-1709, and Sophos X-Ops has observed LockBit ransomware attacks exploiting these vulnerabilities.

The meeting notes also mention the dismantling of LockBit ransomware’s infrastructure in a global law enforcement operation called Operation Cronos. As a result, a free LockBit 3.0 Black Ransomware decryptor has been developed, and arrests and indictments have been made against LockBit threat actors.

Overall, the notes highlight the urgency of addressing the vulnerabilities in ScreenConnect servers to mitigate the risk of LockBit ransomware attacks and the ongoing law enforcement efforts to target LockBit threat actors. It is crucial for the company to take prompt action to secure its servers and stay informed about the latest developments in this cyber threat landscape.
