According to TechRadar, although the LockBit cybercriminal group’s website and server infrastructure have now been disabled, this has not stopped hacker groups affiliated with it from continuing to attack businesses and develop data decoding tools.
New reports from multiple cybersecurity companies say a group of hackers affiliated with LockBit is taking advantage of a newly discovered security vulnerability in ConnectWise’s ScreenConnect program to install ransomware.
Earlier this year, ConnectWise discovered two critical vulnerabilities in the company’s ScreenConnect product: a maximum-severity authentication bypass, CVE-2024-1709, and a potentially exploitable path traversal vulnerability, CVE-2024-1708, which has a high severity level.
These two vulnerabilities caused a lot of trouble for ScreenConnect users, prompting the company to remove all license restrictions so that even companies with expired licenses could upgrade. Meanwhile, CISA has asked US federal agencies to apply the patch no later than February 29.
Even before LockBit appeared, there was evidence that other hacker groups were exploiting these vulnerabilities to compromise vulnerable endpoints and systems.
Now, as reported by BleepingComputer, both the Sophos X-Ops and Huntress security teams have confirmed that groups affiliated with LockBit are taking advantage of this security vulnerability. Sophos Threat Response said: “Over the past 24 hours, we have observed several LockBit attacks, which appear to be exploiting recent ConnectWise ScreenConnect vulnerabilities (including CVE-2024-1708/CVE-2024-1709).”
There are two things worth noting here. First, the ScreenConnect vulnerabilities are being actively exploited in the wild. Second, despite the crackdown on LockBit by many law enforcement agencies, it appears that some cybercriminal groups associated with it are still active.
Earlier this week, LockBit’s website and database were seized by UK authorities, who found information about victims, multiple ransom payments, and affiliated hacker groups. So far, no one has been arrested.