ConnectWise has issued an advisory, warning users to be on guard against a new round of email phishing attempts that mimic legitimate email alerts the company sends when it detects unusual activity on a customer account. It is an unusually sophisticated phishing attack that can let bad actors take remote control over user systems when recipients click the included link.
The ConnectWise warning comes amid breach reports from other major providers of remote support technologies: GoTo, investigating a security incident involving “unusual activity within our development environment and third-party cloud storage services”. The third-party cloud storage service is currently shared by both GoTo and its affiliate, the password manager service LastPass. LastPass issued an advisory stating the intruders leveraged information stolen during a previous intrusion in August 2022 to gain access to “certain elements of our customers’ information.” However, LastPass maintains that its “customer passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.”
Please understand, these IT tools are important and work as they should until some bad actor takes advantage of them. We are not singling out any one product or platform, we just want to raise more awareness of the seriousness of phishing attacks and the general importance of staying alert and aware of potentially dangerous content.
Most of these attacks start with compromised credentials and not having MFA/2FA on an account. Users click on phishing links and put their usernames and passwords in pop-ups or malicious forms every day. By using MFA/2FA, you can potentially stop this whole threat chain from happening.
If you have encountered something suspicious you think is using ConnectWise Control for malicious purposes, please report it to our team.