
ConnectWise’s remote access and support software ScreenConnect, sold to MSPs and enterprises, has been compromised by hackers, admits the vendor.
While not providing details of the hack, ConnectWise claims it has mitigated the threat to users.
The company holds its annual customer and partner event, IT Nation Secure, in Orlando, Florida, next week, and no doubt the threat will be discussed there.
Cloud and on-premises versions of ConnectWise ScreenConnect have been continually patched against other potential threats over the last year. This latest attack, however, compromised ConnectWise’s own infrastructure, and that is the most concerning aspect for MSPs that use the company’s software to serve their own end customers.
AnyDesk, TeamViewer and BeyondTrust provide similar software solutions to ConnectWise here, and their products have all been breached recently too.
This is what ConnectWise said about its own breach: “We recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers.
“We have launched an investigation with one of the leading forensic experts, Mandiant [owned by Google Cloud]. We have contacted all affected customers and are coordinating with law enforcement.”
It says it has now implemented “enhanced monitoring and hardening measures across our environment”. It added: “We have not observed any further suspicious activity in any customer instances.”
While ConnectWise can say a “very small number” of ScreenConnect customers were affected, if any one of them was an MSP, the potential threat to a large number of their own end customers could have been substantial. But, at the moment, we don’t know if that happened or not.