Researchers Warn of Mass Attack on Easy-to-Exploit Security Bugs in ConnectWise Remote Access Software

A security researcher has warned of a mass attack on easy-to-exploit security bugs in ConnectWise remote access software. The vulnerabilities, which were discovered by researchers at Check Point Software Technologies, could be exploited to take full control of infected machines and launch DDoS attacks against other systems. The vulnerabilities are believed to have been introduced into the ConnectWise software in the summer of 2023 and have been actively exploited since then. According to Check Point, the bugs affect all versions of the ConnectWise Remote Desktop software, including the latest version, 9.9.2.1. The vulnerabilities are being used by attackers to take full control of infected machines and launch DDoS attacks against other systems. This is a serious issue, as many organizations rely on ConnectWise Remote Desktop for remote access to their networks. The researchers have advised organizations to patch the vulnerabilities as soon as possible, and to also implement additional security measures, such as intrusion detection and prevention systems, to monitor for signs of an attack. It's important for organizations to take this issue seriously and take action to protect their networks from potential attacks.