The hackers that orchestrated the Wipro security breach disclosed last week allegedly hit a number of other solution providers as well, including Avanade and Capgemini, but for small and midsize MSPs, the real worry is a report that bad actors used a ConnectWise tool to help spread the attack.
ConnectWise Chief Product Officer Jeff Bishop told CRN last week that it appears that hackers found a way to legitimately use the tool. He added that Wipro is not a ConnectWise customer. Bishop’s comments came after KrebsOnSecurity reported that the vendor investigating the incident had thus far found that more than 100 Wipro endpoints were seeded with ConnectWise Control (formerly ScreenConnect), a remote support and remote access tool.
MSPs told CRN that if the tools they use to manage their customers’ networks are not secure, then it doesn’t matter how much they invest in security. While the details of the Wipro security breach and preciscely how ConnectWise technology was used to spread the attack are still emerging, MSPs said the prospect of IT service management tools playing a role in such an attack is chilling.
In response to this concern, ConnectWise CEO Jason Magee released the following statement to CRN:
“MSPs are increasingly being targeted by bad actors and are experiencing malicious attacks. Like many of the leading vendors, ConnectWise is committed to helping MSPs prevent and mitigate these threats. We know that sometimes our remote monitoring tools can be used by these bad actors. At the end of 2018, we invested in Perch Security and we acquired Sienna Group so that we can offer additional tools and expertise to our partners to help them fend off these attacks.
“In October of 2018, during our IT Nation industry events, we released a ‘Protect Your House’ program for MSPs with the goal of helping them identify cyber-threats leveraging our new cybersecurity assessment product, now called ConnectWise Identify. We are currently building out our cybersecurity platform, including ConnectWise Identify, and adhering to the Cybersecurity Framework written by NIST (National Institute of Standards and Technology), because it provides a way for MSPs to assess security risks in a way that is understandable to their customers and provides guidelines on protection and response. At IT Nation Connect [in late 2018], (former CEO) Arnie (Belini) talked about the steps we’re taking to ensure ConnectWise is as secure as possible and how we have an on-going program to strengthen our cybersecurity profile.
“ConnectWise regularly conducts penetration tests that are performed by both internal and external ‘ethical hackers’ and we run vulnerability assessments on our systems and products on a consistent basis. We currently use solutions that automatically evaluate activity and behaviors, machine learning and data protection, as well as identity access management. We encourage people to read our security overview to learn about our governance, our internal security stack, our security monitoring and more.
“ConnectWise takes cyber security seriously and we realize that rumored and confirmed security incidents create stress and concern for our partners. Once we become aware of an issue, we are proactive in taking steps to resolve and/or make our partners aware of the risk. This is often accomplished via our in-app messaging capabilities.
“Our partners and solution partners can use SecurityResponse@ConnectWise.com to report suspected security incidents related to our products or to inquire about a potential security incident that is associated with a ConnectWise product.
“We believe that mitigating cyber security threats starts with understanding them. ConnectWise offers educational webinars, documentation and cyber security best practices as well as guides on maintaining proper security controls for ConnectWise products.”