Security Expert On ConnectWise Ransomware Attacks

Experts comments on the recent ConnectWise’s announcement that hackers have targeted on-premise Automate systems so they can take over servers and then deploy ransomware across a company’s entire computer fleet. More than 100,000 IT professional users are advised to block access to ConnectWise Automate servers.

Mendy Green, Director of Technical Services ,  IntelliComp Technologies
November 11, 2019
Block 3306 not 443!
I love how everyone commenting on the news hasn't actually spoken to ConnectWise or even fully read the email released by ConnectWise as a follow up to the tweet. BLOCK INBOUND 3306 is the message ConnectWise is trying to send. Mysql has been a target for a long time by bad actors, and should never be open to the public. The link ConnectWise included was to a standard setup document that literally ....
[Read More >>]
James Carder, Chief Information Security Officer & Vice President,  LogRhythm Labs
November 11, 2019
If an attacker compromises that system, he gets unfettered access to the entire environment.
Threat actors and criminals always look for the easiest way to break into an organization, while also being the most covert. In cases like ransomware, the goal is to use the initial access into the environment to move to and compromise as many systems as possible. This allows the attacker to rapidly inflict as much pain as possible, bringing the company to its knees and maximizing the attacker’s ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments

In this article