ConnectWise Warns About Remote Desktop Phishing Campaign

‘There have been no successful attacks to our knowledge. We are seeing an uptick in activity, so we wanted to get good information out there and make sure people are diligent and aware. I spent years in government. We probably overcommunicate,’ says ConnectWise CISO Patrick Beggs.

A sample of a phishing email courtesy of ConnectWise.

MSP technology platform provider ConnectWise this week warned of a new sophisticated phishing campaign that could provide unauthorized access to the ConnectWise Control remote desktop software application.

In a cybersecurity advisory posted online Tuesday, ConnectWise warned that the new attack could lead to unauthorized access to Control instances.

ConnectWise Control is a software application that lets remote workers and IT teams connect instantly and reliably to remote endpoints operating with Windows, MacOS, ChromeOS, Linux and Unix, and nearly every major browser.

[Related: ConnectWise CTO: ‘My Primary Goal Is To Build Solutions That Solve Partners’ Problems’]

ConnectWise calls Control a secure application which includes AES-256 encryption and two-factor authentication.

“We are aware of a phishing campaign that mimics ConnectWise Control New Login Alert emails and has the potential to lead to unauthorized access to legitimate Control instances. We know email phishing attacks continue to get more sophisticated, mirroring legitimate email and web content,” ConnectWise wrote in the advisory.

As part of the advisory, which included a screenshot (above) showing a link to a malicious site, ConnectWise also provided a link to a security alert checklist of how to respond in case of a suspicious security email alert, as well as a separate link to the ConnectWise Control security guide.

The possibility of a phishing attack is always serious, said Patrick Beggs, ConnectWise chief information security officer.

In the case of the latest warning, it is just an alert to be careful when using ConnectWise Control and not a flaw, Beggs told CRN.

“There have been no successful attacks to our knowledge,” he said. “We are seeing an uptick in activity, so we wanted to get good information out there and make sure people are diligent and aware. I spent years in government. We probably over-communicate.”

The ConnectWise Control advisory comes just weeks after Key Pyle, a researcher with Philadelphia-based cybersecurity firm CYBIR, last month discovered an actual flaw in ConnectWise that would allow attackers to take remote control over a user’s system if a user clicked on a link in a phishing attack, according to security news site Krebs On Security.

Beggs said that researcher reached out to ConnectWise to identify the issue, after which ConnectWise pushed out a patch.

“We work with the research community all the time,” he said.

Beggs, after the October flaw was discovered, said in a statement, “ConnectWise takes the security of our products and our partners very seriously. We truly appreciate any and all information, regardless of the level of detail, that our community can provide to help us continually improve our products and services. ConnectWise released Control versions 22.8.10013 and 22.9.10032 to mitigate the URL manipulation as reported by the security researcher. These builds were publicly released within a week of receiving the researcher‘s initial report.

KME Systems, a Lake Forest, Calif.-based MSP that works with ConnectWise, is aware of the ConnectWise Control advisory, company President Mark Essayian told CRN.

Every company has issues, even the largest vendors like Microsoft, Essayian said.

“I don’t want to sound nonchalant, but I’ve dealt with these things for years,” he said. “This is something we have to live with day to day. I’m just glad to be a ConnectWise partner.”

ConnectWise is very “severe” in its response to any issues customers find in its technology, by which he meant the vendor takes those issues seriously, Essayian said.

“ConnectWise will put the right people on the problem,” he said. “They understand what can hurt us and our customers. I think [ConnectWise CEO Jason] Magee says, ‘If we see an issue, we announce it and fix it.’ And what else should you expect from a partner.”