Expert Comments

Security Expert On ConnectWise Ransomware Attacks

Expert(s): Security Experts
Expert(s): Security Experts

Experts comments on the recent ConnectWise’s announcement that hackers have targeted on-premise Automate systems so they can take over servers and then deploy ransomware across a company’s entire computer fleet. More than 100,000 IT professional users are advised to block access to ConnectWise Automate servers.

Experts Comments

November 11, 2019
James Carder
Chief Information Security Officer & Vice President
LogRhythm Labs
Threat actors and criminals always look for the easiest way to break into an organization, while also being the most covert. In cases like ransomware, the goal is to use the initial access into the environment to move to and compromise as many systems as possible. This allows the attacker to rapidly inflict as much pain as possible, bringing the company to its knees and maximizing the attacker’s reward.df The most obvious entry point that satisfies this scenario is an approved, privileged,.....Read More
Threat actors and criminals always look for the easiest way to break into an organization, while also being the most covert. In cases like ransomware, the goal is to use the initial access into the environment to move to and compromise as many systems as possible. This allows the attacker to rapidly inflict as much pain as possible, bringing the company to its knees and maximizing the attacker’s reward.df The most obvious entry point that satisfies this scenario is an approved, privileged, understood, knowledgeable, and centralized system used to manage a company’s computer systems. If an attacker compromises that system, he gets unfettered access to the entire environment. Moreover, he can thwart many security operations teams. Installing software (since ransomware is nothing more than software) is likely standard operating procedure for that system, so it still appears to be acting normally. This tactic is nothing new to security incidents and breaches; nation state threat actors and others have used it for decades.  Read Less
November 11, 2019
Mendy Green
Director of Technical Services
IntelliComp Technologies
I love how everyone commenting on the news hasn't actually spoken to ConnectWise or even fully read the email released by ConnectWise as a follow up to the tweet. BLOCK INBOUND 3306 is the message ConnectWise is trying to send. Mysql has been a target for a long time by bad actors, and should never be open to the public. The link ConnectWise included was to a standard setup document that literally reviews the ports that should be forwarded and points out 3306 should NOT be forwarded. The news.....Read More
I love how everyone commenting on the news hasn't actually spoken to ConnectWise or even fully read the email released by ConnectWise as a follow up to the tweet. BLOCK INBOUND 3306 is the message ConnectWise is trying to send. Mysql has been a target for a long time by bad actors, and should never be open to the public. The link ConnectWise included was to a standard setup document that literally reviews the ports that should be forwarded and points out 3306 should NOT be forwarded. The news cycle has turned this into a media circus and over stating what is happening.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Panasonic Becomes Latest Victim Of Data Breach – Security Expert...

Clearview’s £17 Million Fine For Processing 10+ Billion Images Is...

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

Security Expert On Apple Suing NSO Group

Meta Delays Plans To Rollout End-to-end Encryption

NCSC Issues Black Friday Warning To Tetailers

How The Zelle Fraud Scam Steals Your Bank Credentials

GoDaddy Data Breach Impacts Over A Million Users, Experts Reactions

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts