Cytracom’s Proactive Response to ConnectWise ScreenConnect Vulnerability

March 7, 2024

Cytracom Threat Team Response

Leveraging our advanced threat intelligence and the far-reaching telemetry collected across thousands of MSP networks, the Cytracom threat hunting team rapidly detected the attack vector associated with the recent ConnectWise ScreenConnect exploit and took proactive action before the threat was publicly acknowledged.

Unusual activity targeting our MSP partner networks drew the team's attention. Once the attack signature had been identified, the team quickly pinpointed which of our partners were at risk and deployed global network policies designed to block the attack by limiting access to vulnerable ports. Although protected, partners should be diligent in deploying patches as outlined in the security incident details to enable safe functionality of the ConnectWise ScreenConnect service.

Our team communicated with all partners who were at risk, confirming that no action was required from partners to protect themselves from the attack and allowing them to remediate the vulnerability when convenient.

Our threat hunting team's swift and proactive action underscores Cytracom's unwavering commitment to protecting our partners from the evolving complexities of cyber threats. Our dedication to and focus on the MSP market leads us to be acutely attuned to the threats aimed at harming the IT channel.

What Our Partners Have to Say

The feedback from our MSP partners has been overwhelmingly positive and filled with gratitude. Following are quotes from real MSPs who experienced the results of our approach:

  • “Had I only been using a Firewall such as a Fortinet versus having Cytracom during the latest ConnectWise ScreenConnect Vulnerability, things would have been much worse.”
  • “You guys saved me! Kudos to you and your proactive TEAM.”
  • “Had Cytracom not taken the proactive approach to shutting down traffic yesterday, a payload to my clients could have been pushed out and devastated my business.”
  • “With my own eyes and experience, I have now witnessed firsthand how closely things are being watched and monitored by Cytracom.”
  • “We got everything patched and up to date. You really saved my BACON.”
  • “Thanks for bringing this to our attention. We have patched our premise-based ScreenConnect Deployment.”

Your Dedicated Security Partner

As the communication and security needs of the workforce evolve, Cytracom continues to deliver powerful yet intuitive solutions that enable MSPs to meet the challenges of security, compliance, and connectivity. Cytracom will continue its pursuit of delivering comprehensive and preemptive security, powered by our proprietary threat intelligence, unrivaled network access control, and the swift adaptability of our response capabilities.

To learn more about partnering with Cytracom, get in touch with us.

Background

On February 19, 2024, ConnectWise published a security advisory for ScreenConnect version 23.9.8, referencing two vulnerabilities that expose the management software and an MSP’s managed endpoints to unauthenticated access. A critical vulnerability, CVE-2024-1709, was reported by a security researcher. It allows anonymous attackers to exploit an authentication bypass flaw to create admin accounts on publicly exposed instances. Essentially, a bad actor could mimic the role of system admin, delete all other users, and take over the instance.

Notice of Incident from ConnectWise

CWE        Description
CWE-288    Authentication bypass using an alternate path or channel
CWE-22     Improper limitation of a pathname to a restricted directory (“path traversal”)

To learn more about our security posture and request access to our security documentation, visit the Cytracom Trust Center.