Malicious actors are targeting ConnectWise Automate, an RMM (remote monitoring and management) software platform that's popular with MSPs (managed IT services providers) and technology solutions providers (TSPs), the company warned on Thursday.
In a tweet, ConnectWise wrote:
"We want to inform you there are recent reports of malicious actors targeting open ports for ConnectWise Automate on-premises application to introduce ransomware. Please ensure that your ports are not left open to the internet based on our best practices: " ow.ly/bmbs30pQG57
Hackers frequently target MSP software platforms from multiple vendors with malware and ransomware attacks, the FBI has repeatedly warned. In a typical attack, prying open one digital doorway within an MSP often leads to multiple partner and end-customer systems.
MSPs Rethink Cybersecurity
Amid that reality, many MSPs are embracing the NIST cybersecurity framework to evaluate and mitigate risk within their own businesses.
For its part, ConnectWise is working to build an Information Sharing and Analysis Organization (ISAO) for technology solutions providers. The Technology Solution Provider ISAO (TSP-ISAO) has essentially spun out of ConnectWise and will be independently funded to ensure vendor neutrality. MSP industry veteran MJ Shoer is leading that effort.
Meanwhile, most major MSP and RMM software providers now enforce or will soon enforce two-factor authentication as a means to further mitigate MSP risk.