In recent weeks, the cybersecurity landscape faced a significant upheaval with the breach of ScreenConnect, a widely used remote support and remote access tool. The breach sent shockwaves through the Managed Service Provider (MSP) community, raising urgent concerns about client data security and the integrity of remote access solutions. Here at Netlogic Computer Consulting, we swiftly responded to the threat, fortifying our defenses and safeguarding our clients’ systems. Now, we aim to share our insights and recommendations to empower fellow MSPs in navigating this challenging scenario.
Understanding the Breach
The attack leveraged ScreenConnect’s built-in functionality to distribute malware to unsuspecting users. Attackers exploited weaknesses in the software’s authentication mechanism, allowing them to gain unauthorized access to systems. Once inside, they utilized ScreenConnect’s legitimate features to execute malicious payloads, bypassing traditional security measures.
One of the most alarming aspects of this attack was its stealthy nature. By operating within the confines of a trusted remote access tool, attackers flew under the radar, evading detection by conventional security solutions. This underscores the importance of vigilance and the need for MSPs to adopt proactive security measures to combat such threats effectively.
The attack also demonstrated a high degree of sophistication in its execution. Attackers utilized various tactics, including social engineering and obfuscation techniques, to conceal their activities and evade detection. This highlights the evolving threat landscape faced by MSPs and underscores the importance of continuous monitoring and threat intelligence sharing within the community.
Immediate Actions for MSPs
In the aftermath of the ScreenConnect breach, swift and decisive action is paramount. MSPs must prioritize patching clients’ ScreenConnect applications to mitigate the risk of exploitation. Patch management should be treated as a non-negotiable aspect of cybersecurity hygiene, ensuring that systems are fortified against known vulnerabilities.
Any computer running a ScreenConnect version earlier than 23.9.8.8811 is vulnerable to compromise.
To quickly patch all managed devices in ScreenConnect:
Select all machines in the “All Machines” Access group and “Reinstall” ScreenConnect. Not every machine will accept the “Reinstall” command, for various reasons (offline, network connection, anti-virus, etc.). We recommend creating a “Vulnerable Versions” Access group to collect all the machines that are still below the patched version. Session Filter is below:
Additionally, conducting comprehensive security audits across all client environments can help identify any signs of compromise and bolster defenses against future threats.
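The 23.9.8.8811 threshold above can also be checked outside the console against an exported machine list, which catches machines that silently ignored the “Reinstall” command. The following is an added example, not part of the original article or of ScreenConnect itself; the CSV column names `machine` and `client_version` and all sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Threshold from the article: versions below this are vulnerable.
PATCHED = (23, 9, 8, 8811)

# Constructed sample export; the column names are assumptions, not a ScreenConnect format.
SAMPLE_CSV = """machine,client_version
FRONTDESK-01,23.9.8.8811
ACCT-LAPTOP,23.9.7.1000
SRV-FILE,9.5.0.100
KIOSK-3,23.10.1.9000
OLD-POS,
LAB-PC,unknown
"""


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(csv_text):
    """Sort machines into patched, vulnerable, and unknown (needs a manual check)."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        version = parse_version(row.get("client_version") or "")
        if version is None:
            bucket = "unknown"  # blank or garbled version: never assume patched
        elif version < PATCHED:
            # Numeric tuple comparison. Comparing the raw strings would wrongly
            # flag 23.10.1.9000 as old and miss 9.5.0.100 entirely.
            bucket = "vulnerable"
        else:
            bucket = "patched"
        result[bucket].append(row["machine"])
    return result


if __name__ == "__main__":
    for bucket, machines in triage(SAMPLE_CSV).items():
        print(f"{bucket}: {', '.join(machines) or '-'}")
```

Machines in the `unknown` bucket should be treated as unpatched until their version is confirmed by hand.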
Long-Term Security Measures
While addressing immediate vulnerabilities is crucial, MSPs must also adopt a proactive approach to long-term security. Continuous monitoring and threat detection mechanisms are essential for identifying and neutralizing emerging threats in real-time. Furthermore, ongoing employee training is indispensable in cultivating a culture of cybersecurity awareness, empowering staff to recognize and thwart potential attacks. Regular updates and patches across all software and systems should be diligently implemented to stay ahead of evolving threats.
Best Practices for MSPs
As trusted advisors to their clients, MSPs bear a significant responsibility in safeguarding their digital assets. Vendor risk management should be a top priority, with thorough assessments and due diligence conducted when selecting and managing third-party tools like ScreenConnect. Having a well-defined incident response plan in place is crucial for effectively handling security breaches, minimizing their impact, and swiftly restoring normal operations. Moreover, robust backup and recovery strategies are indispensable for ensuring business continuity in the face of adversity.
Take a Stand with Netlogic Computer Consulting
The breach of ScreenConnect serves as a stark reminder of the ever-present cybersecurity threats facing organizations of all sizes. As MSPs, it is incumbent upon us to remain vigilant, proactive, and resilient in the face of adversity. By prioritizing patch management, implementing robust security measures, and fostering a culture of cybersecurity awareness, we can collectively strengthen our defenses and mitigate the risk of future breaches. At Netlogic, we stand ready to assist our fellow MSPs in navigating these challenges and safeguarding the digital landscape for all.
Join us in taking a stand against cyber threats. Reach out to our team at Netlogic Computer Consulting for expert guidance and support in fortifying your clients’ defenses and ensuring their peace of mind in an increasingly digital world. Together, we can rise to the challenge and emerge stronger and more resilient than ever before.
